The Indian Express

Tue Aug 30 2011, 03:51 hrs

The Unique Identification project is a mission of surpassing ambition — it aims to provide every Indian citizen a unique 12-digit number that can be used to call up basic demographic and identity information through biometric scans. The government sees it as giving every Indian an acknowledged existence, ensuring that no one is locked out of social entitlements for the lack of a scrap of official paper. It hopes to ensure sharper targeting of welfare programmes, minimise leakages and collapse the many cumbersome IDs currently in use, into a single number. Critics of the project have focused on the privacy hazards and surveillance possibilities of the scheme. The UIDAI’s rationale has been that the clear benefits outweigh potential dangers to privacy, which can, in any case, be averted by strong safeguards.

However, the philosophical battle apart, the UID has a more concrete cost-benefit analysis to contend with. The project’s cost has escalated many times since it was first conceived in February 2009. A single UID, earlier estimated to cost around Rs 31 per person, may now end up in the Rs 400-500 territory. First, the finance ministry balked at the new levels of spending — partly data compilation costs, from designated registrars — and suggested the UID mesh its efforts with the national census wherever possible. It also wants to trim the biometric technology costs — the iris scan has nearly tripled the UID’s price tag. While the UID defends its choices, and says the high volume of iris devices and software demanded by India will bring the price down, others in the Planning Commission claim the iris scan was intended as an extra measure to prevent duplication, not thrown in with every ID. These are not arguments to be settled on notions, and it would be timely for the UID to make a persuasive case for its choice. The Planning Commission has also expressed its concern about the UID’s registrar system (which includes public and private companies), asking for clear lines of responsibility and supervision. The UIDAI had even suggested a cash incentive for some of these registrars, a plan that met with serious objection

A spear phishing email that has surfaced in a security database looks like it may have been the one to hit RSA

By Robert McMillan, IDG News Service
August 26, 2011 02:34 AM ET

“I forward this file to you for review. Please open and view it.”

As a ploy to get a hapless EMC recruiter to open up a booby-trapped Excel spreadsheet, it may not be the most sophisticated piece of work. But researchers at F-Secure believe that it was enough to break into one of the most respected computer security companies on the planet, and a first step in a complex attack that ultimately threatened the security of major U.S. defense contractors including Lockheed Martin, L-3 and Northrop Grumman.

The email was sent on March 3 and uploaded to VirusTotal, a free service used to scan suspicious messages, on March 19, two days after RSA went public with the news that it had been hacked in one of the worst security breaches ever.

[BACKGROUND: The RSA Hack FAQ]

Researchers at F-Secure, the company that discovered the message Monday, believe that it was very likely the message that led to the RSA compromise. If true, the finding sheds light on the kind of trickery, called social engineering by security pros, it takes to break into a major security company.

F-Secure anti-malware analyst Timo Hirvonen discovered the email message buried in the millions of submissions stored in this crowd-sourced database of malicious or potentially malicious files. VirusTotal lets computer users upload a suspicious file, say an Excel spreadsheet that might be infected, and have it scanned by over 40 of the world’s top antivirus companies. In return for the free scan, the AV vendors get to examine the files, making the service a great way of learning about malicious software after the fact.

Click to see: The email

Hirvonen had been searching VirusTotal’s database for the RSA attack file ever since RSA acknowledged that it had been compromised. The hackers had sent two different phishing emails to small groups of company employees over a two day period, but nobody outside of RSA and its parent company EMC knew the full contents of those messages. It wasn’t even clear if they were included in VirusTotal’s data.

RSA has released some details about the attack, but Hirvonen’s find is a first look at just what it took to get an EMC employee to open that dangerous attachment.

“The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file,” wrote RSA Head of New Technologies Uri Rivner in the April 1 blog posting that laid out most of what RSA has said publicly about the email. “It was a spreadsheet titled “2011 Recruitment plan.xls.”

Hirvonen didn’t know for sure he’d find the email in VirusTotal, but he thought that there was a chance that someone at RSA had uploaded to see what it was. Searching for the 2011 Recruitment Plan spreadsheet yielded nothing, however.

But this month Hirvonen finished up a data analysis tool that allowed him to find his needle in the Virus Total haystack. His technique: he scoured the data for flash objects — software written to run in Adobe’s Flash Player — that looked like they may have been used in the RSA attack. RSA had previously said that the hackers used software that took advantage of a bug in Adobe Flash and offered some technical details on the attack.
“It was a difficult one to find,” Hirvonen said. “We had to work really hard to find it.”

With his new tool, Hirvonen quickly discovered a Microsoft Outlook .msg file. When he opened it up, he knew he was onto something. Inside was a message that had been spoofed to look like it had come from recruiting website Beyond.com. “I forward this file to you for review. Please open and view it,” the message read. The subject: “2011 Recruitment plan.” The attachment: an Excel spreadsheet entitled “2011 Recruitment plan.xls”

Looking closer, Hirvonen found that the file seemed to match RSA’s description in possible every way. The Excel file contained the same Flash attack code; It used the same remote control software, called Poison Ivy, and it tried to connect to the same Internet address as RSA’s attacker.

The email was sent to EMC employees, apparently in the human resources department, and looked like it came from webmaster@beyond.com, a generic address from a website that has listed EMC jobs in the past. But that was a spoofed address, Hirvonen said. In reality the email wasn’t sent from the Beyond.com servers.

F-Secure believes that it’s one of the two spearphishing emails used to target RSA.

In the past, RSA characterized the hacking incident as an “extremely sophisticated cyberattack,” but if this is indeed the email used to break in, it illustrates a guiding principle of these cyber espionage attacks — the hackers will use anything that works, even simple tricks. If they fail, they will try again and again until they break through.

The key, security experts say, is in spotting the attackers and keeping them from moving around the network once they’ve broken in.

Reached Thursday, EMC’s RSA Security group was reluctant to say anything about the message. RSA wouldn’t say if there were any differences between Hirvonen’s email and the one that compromised the company. The company wouldn’t confirm that it was the one that got the attackers in, either. “Can we validate that this is the actual email?” said RSA spokeswoman Helen Stefan. “No.”

If this was the attack that wedged open RSA’s security, it wasn’t as sophisticated as others have been, said Alex Stamos, a partner with iSec Partners, a security consultancy that is part of NCC Group. “That’s a pretty embarrassing example for RSA,” he said. “It tells you that in any reasonably sized company, including a security company, there’s someone who will do something really dumb.”

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s email address is robert_mcmillan@idg.com

Face recognition software of the kind incorporated into biometric identification tools, photo-gallery applications and social media websites can be very useful but the technology raises privacy concern

Post by: crisisboom – The more you know, the better off you will be…

sciencecodex

Face recognition software of the kind incorporated into biometric identification tools, photo-gallery applications and social media websites can be very useful but the technology raises privacy concerns, given the seeming ease with which faces in photos can now be tied to an individual. Researchers in Russia and Poland hope to take face recognition technology an important step forward with the even more powerful software they have developed.

Writing in the International Journal of Biometrics, Georgy Kukharev of Saint Petersburg Electrotechnical University in Russia, and colleagues Paweł Forczmański and Andrzej Tujaka of the West Pomeranian University of Technology, Szczecin, Poland, explain how they have developed algorithms they refer to as two-dimensional Canonical Correlation Analysis (CCArc) and two-dimensional Partial Least Squares (PLSrc) for image matching where “rc” implies the analysis is applied to the images’ rows and columns.

Conventionally, scanning techniques based on CCA and PLS convert an image into a small set of variables, such as distance between eyes, width of jaw, and other factors. New images in which a face is to be identified are then categorized in the same way and the variables compared with those in the database. Correlation of a significant number of the variables gives a variable positive identification for the “new” face with one in the database and allows the software to verify with varying degrees of certain whether that new face is a specific individual in the database. The same technology can be used for biometric identification of a face on a driver’s license or on a social network, or for finding your friends and relatives in your photo collection.

The original algorithms for assessing and assigning variables are based on statistical methods developed in the 1930s. However, with the advent of more and more powerful computing, Forczmański and colleagues realized that these algorithms could be made much more powerful by measuring and analyzing many more variables in each image.

The team has extended the algorithms to utilize rows and columns and so generate a matrix for each image. They have tested them on known family databases as well as a photo gallery of their own creation with positive results. The algorithms perform well even with low-resolution images of faces and with varying lighting conditions and even if other objects, such as overhead lights or “loud” shirts are present in the photo. They have even developed a practical application that can find a person’s spouse given the presence of pairs of faces in single photographs.

BY D-USA, ON AUGUST 24TH, 2010

As the first results of our Endorsement Survey are arriving, and we feel that we need to clarify one of our questions and share our reasons for opposing a particular law in Oklahoma.

The Pirate Party of Oklahoma is not opposed to the inclusion of an identifying facial picture on drivers licenses issued to Oklahomans. Our drivers license was not created to be an ID card, it’s only purpose was to certify that the carrier of the license passed an examination by the Department of Public Safety and is authorized to operate a motor vehicle in the State of Oklahoma. For a law enforcement official to verify that the bearer of a license is the licensee in question, the official needs to be able to visually compare the person that is in possession of the license to the person the license was issued to. This objective is achieved by taking the picture at the time the license is issued and then printing it on the license.

The process we oppose is the collection of a biometric picture, in addition to biometric fingerprints, whenever a drivers license is being issued. Biometric facial pictures feature a higher resolution than is needed for a small picture on a license. This high resolution picture is then digitized, a biometric template is created, and together with a digital version of your fingerprint this information is stored in a database controlled by the Department of Public Safety.

Including a traditional photograph on your drivers license enables a law enforcement official to physically compare your face to the picture on the license. Taking your picture and adding your biometric profile stored in a database enables the Department of Public Safety to compare this profile to any other picture they want. This is already happening every time you renew your license, or when you change your address and have a new license issued. The Department of Public Safety takes a new biometric photo, converts it to a digital biometric profile, compares it with the previous biometric profile they have stored in your database, and if they match you get a new license.

The problem with technology like this is the always popular mission creep of our Government. Once the State of Oklahoma is in possession of your biometric profile, it can be used for many applications not originally indented by the legislators who wrote the law. Storing your biometric profile enables the state to use automated surveillance to monitor and log the activities of Oklahomans.

Using CCTV cameras already in use in many places, the state will be able to record crowds and use facial recognition software to scan the faces present at the event and match them to stored biometric profiles. Law enforcement officials would be able to use cameras mounted on vehicles to scan all the faces in a particular area and compare them to the database. Law enforcement officials on foot will be able to utilize hand-held video cameras to record your presence at a lawful rally, then scan all the faces and create a log of all people present. In short time the State of Oklahoma will have a database that shows that Oklahoman X was present at the Tea Party Rally, the Gay Pride Parade, and the Thunder playoff games. And by analyzing your past behavior, the state can anticipate your future actions.

While this might sound very futuristic and unlikely to many Oklahomans, we urge you to keep in mind that the same Department of Public Safety that is responsible for storing and using your Biometric Data is currently in the process of implementing an Automated License Plate Recognition System; one requirement of which is the ability to keep a database of the time and location each license plate was seen, even if no crime was committed.

Our Department of Public Safety has already demonstrated that given the opportunity to deploy an automatic system that gives them the ability to track the driving habits of any given vehicle in the state that passed the proposed camera systems, they will store this data even if no unlawful activity exists. This eagerness by the DPS to create a database of lawful activities does not give us much hope that they will be able to restrain themselves when it comes to the opportunity to perform additional monitoring of Oklahomans.

Oklahoma legislators are becoming increasingly aware of the threat created by technology such as this, and HB 2923 is a good example of turning towards the right path. HB 2923 would have deleted the biometric data stored by the Department of Public Safety, as well as requiring a return to non-biometric pictures on our license. If would also have prohibited the implementation of radio frequency identification technology , the use of which will require a separate article all together.

As Oklahomans who are concerned with privacy, and the increasing surveillance of our activities, we need to push our legislators to stop this invasive technology before it reaches a point of no return.

Immigration New Zealand (INZ) has begun fingerprint checks with Australia as part of a biometric programme to strengthen border security and prevent identity fraud.

The programme will expand to include checks with the United Kingdom, Canada and the United States under the umbrella of the Five Country Conference (FCC), which has developed a system for securely – and with substantial privacy safeguards – matching fingerprint biometrics of persons of interest. “Fingerprints of FCC citizens will not be shared“.

The system will help INZ combat fraud and strengthen border security by helping identify, early in the immigration process, people with criminal histories or those using false identities.

“Organised crime groups and illegal migrants are increasingly using identity and passport fraud to evade detection,” says Arron Baker, INZ’s Programme Manager for Identity and Biometrics.

“Biometrics uses technology to improve on traditional checks using names to detect and prevent these people from entering New Zealand. It is a fast, effective and privacy protecting way of quickly facilitating genuine clients while filtering out those who pose risks to New Zealand.”

INZ signed a Memorandum of Understanding (MOU) with the Australian Department of Immigration and Citizenship on 30 June 2010, and is now completing similar agreements with the UK, Canada and the US.

The Department of Labour completed a Privacy Impact Assessment of the system in close consultation with the Office of the Privacy Commissioner. This is available to the public at http://www.immigration.govt.nz.

Third Quarter Fiscal Year 2010 Report to CongressDepartment of Homeland Security Report of the Chief Privacy Officer Pursuant to Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007June 23, 2010

Written by RSN Press Release,  SATURDAY, 17 APRIL 2010 15:40

The Rutherford Institute Joins with Broad Coalition to Urge White House and Members of Congress to Oppose Biometric National ID Card

Groups Insist That Comprehensive Immigration Reform Must Respect Civil Liberties and Privacy

WASHINGTON – The Rutherford Institute has joined with a broad coalition of groups urging the White House, the House and Senate Judiciary Committees, the House Ways and Means Committee and the Senate Finance Committee to oppose a proposal by Senators Charles Schumer (D-NY) and Lindsey Graham (R-SC) that would include a biometric national ID card in comprehensive immigration reform legislation.

Signatories to the letter opposing the national ID card are from across the political spectrum and include advocates for privacy, consumer rights, gun owners, limited government and religious liberty.

(A copy of the coalition’s letter is available bellow)

“No one disputes that our broken immigration system harms both immigrants and non-immigrants, but a full scale National ID system is not the solution,” said John W. Whitehead, president of The Rutherford Institute. “A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work.”

A biometric ID card, like the kind under consideration for inclusion in the comprehensive immigration reform legislation being considered by Congress, is a national system for identifying individuals that is used to determine if they are eligible for rights and benefits-a classic national ID. In order to create a biometric ID, every worker in America would have to present a birth certificate and other identification documents, then have his or her biometric, like a fingerprint, captured.

In its letter, the coalition stated, “A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work.” Both Republicans and Democrats have opposed a National ID system. President Reagan likened a 1981 proposal to the biblical “mark of the beast,” and President Clinton dismissed a similar plan because it smacked of Big Brother. Furthermore, as the letter points out, contrary to the contentions of Senators Schumer and Graham, it would be impossible to create such a system without establishing a national database-a central electronic repository-of Americans’ personal information.

Every government identification system currently in existence requires a database. Databases are necessary in order to reissue lost or stolen cards and as a check on fraud and abuse. Without record keeping, the same Social Security number and birth certificate could be used again and again to issue new cards to different people-defeating the entire purpose of the system. Such a central repository will be irresistible to identity thieves, hackers and those who want to misuse personal information for crimes like stalking.

_______________________________________________________________________

April 14, 2010

United States Senate

Washington, DC 20510

Re: Oppose Schumer/Graham Biometric National ID Proposal within Comprehensive Immigration Reform

Dear Senator:

We write today to express our opposition to a proposal by Senators Charles Schumer (D – NY) and Lindsey Graham (R – SC) to create a biometric Social Security card – one that relies on personal characteristics like fingerprints to identify individuals. No one disputes that our broken immigration system harms both immigrants and non-immigrants, but a full scale National ID system is not the solution.

Both Republicans and Democrats have opposed a National ID system. President Reagan likened a 1981 proposal to the biblical “mark of the beast,” and President Clinton dismissed a similar plan because it smacked of Big Brother. A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work. As happened with Social Security cards decades ago, use of such ID cards would quickly spread and be used for other purposes – from travel to voting to gun ownership.

Contrary to the contentions of Senators Schumer and Graham, it would be impossible to create such a system without establishing a national database – a central electronic repository – of Americans’ personal information. Every government identification system currently in existence requires a database. Databases are necessary in order to reissue lost or stolen cards and as a check on fraud and abuse. Without record keeping, the same Social Security number and birth certificate could be used again and again to issue new cards to different people – defeating the entire purpose of the system. Such a central repository will be irresistible to identity thieves, hackers and those who want to misuse personal information for crimes like stalking. The cost of this system will be extraordinary, running to hundreds of billions of dollars and dwarfing the expense associated with other parts of immigration reform. As one example, the federal government recently began to issue a limited number of biometric ID cards, called Transportation Worker Identification Credentials. It is estimated that the Department of Homeland Security will spend $1.9 billion to issue cards to approximately 1 million workers.

Expanded to the entire US workforce of 150 million people, that would translate to a proportionately greater cost of $285 billion. A biometric system would likely have to be fee based – requiring not just government permission, but also a government fee to work. Adding insult to injury, this unaffordable scheme will probably never work. Even ignoring the enormous difficulties of creating a system to fingerprint every worker and distributing readers to employers across the country, the truth is that some employers prefer the ambiguity of the current process.

Unless significantly greater resources are dedicated to enforcing the law, employers will continue to have a strong incentive to circumvent a broken system. Such enforcement could be accomplished just as easily without a National ID.

A biometric ID system would be controversial and unpopular with constituencies across the ideological spectrum. It would require the fingerprinting of every American worker – not just immigrants. It would also require the creation of a bureaucracy that combines the worst elements of the Transportation Security Administration and state Motor Vehicle Departments. For all of these reasons we believe that a National ID system should play no part in the otherwise needed reform of our immigration system.

Sincerely,

American Civil Liberties Union

American Library Association

American Policy Center

Americans for Tax Reform

Bill of Rights Defense Committee

Calegislation

Campaign for Liberty

Center for Digital Democracy

Center for Financial Privacy and Human Rights

Citizen Outreach

Citizens Against Government Waste

Citizens Committee for the Right to Keep and Bear Arms

Competitive Enterprise Institute

Consumer Action

Consumer Federation of America

Consumer Watchdog

Cyber Privacy Project

Defending Dissent Foundation

DownsizeDC.org, Inc.

Electronic Frontier Foundation

Electronic Privacy Information Center

Equal Justice Alliance

Former Congressman Bob Barr

Hispanic Leadership Fund

Home School Legal Defense Association

Indian American Republican Council

Liberty Coalition

National Center for Transgender Equality

National Lawyer’s Guild–National Office

National Whistleblower Center

Patient Privacy Rights

Privacy Activism

Privacy International

Privacy Journal

Privacy Lives

Privacy Rights Clearinghouse

Privacy Times

PrivacyRightsNow Coalition

Rutherford Institute

The 5-11 Campaign

The Identity Project

The Multiracial Activist

U.S. Bill of Rights Foundation

World Privacy Forum

Pradeep Thakur, TNN - The Times of India

NEW DELHI: After seeking information from the US authorities on who picked up the tab for Pakistani-American terrorist David Coleman Headley’s credit cards, security agencies have launched a crackdown against terror suspects using international cards as a mode of funding their operations in India.

In two operations in Lucknow and Delhi, intelligence agencies with the help of local police seized more than 65 international credit cards with at least Rs 4-5 crore withdrawn on them and distributed to sleeper cells, sources said.

In the first operation, the Anti-Terrorist Squad of the UP police last month recovered 20 international cards from two individuals in Lucknow after a close surveillance revealed that they were using the credit cards to draw money and pass it on to sleeper cells in the city on the instructions of Nepal-based masterminds.

In a similar action in the national Capital, officials of the Delhi Police raided a resident in Rohini and recovered 45 international credit cards from his possession along with Rs 6 lakh in cash. Initial questioning of the accused in both the cases that the revealed money was paid in Nepal and the operatives in Lucknow and Delhi were instructed to withdraw it and pass it on to contacts as per orders.

While the income tax department is on the job to map the economic footprint of these jehadis within the country, the government has roped in the Enforcement Directorate to register and investigate each of these cases to identify the sources of transactions made in foreign countries on these cards and further investigate the cases under the Prevention of Money Laundering Act (PMLA).

Meanwhile, the government is in touch with the authorities in US and Canada to ascertain who had paid for the credit card bills of Headley and other accused linked to the 26/11 Mumbai terror attack.

A year-long investigation in the use of international credit cards by terror suspects in India has revealed that at least Rs 20-25 crore had been spent by them in the recent past across the country. These credit cards were issued in US, Canada, UK, Dubai, Nepal and Bangladesh and the bills were picked up by terror masterminds based there. Agencies are identifying all such payment gateways, their beneficiaries and sponsors.

The authorities are hopeful of busting the terror and narcotics syndicates by establishing a link between the users of such credit cards and their masterminds who are picking up the tab. Though the FBI has shared some details with the National Investigation Agency while referring to Headley’s co-accused Tahawwur Hussain Rana’s company, World Immigration Service, as one of the funding sources which also provided him a cover for his jehadi mission, it is not yet clear who picked up Headley’s credit card bills in the US.

Sources said Pakistan-based jehadi outfits are using the new modus operandi to fund their operatives in India without alerting the security agencies as the earlier hawala mode of funding had come under close surveillance.

WRITTEN BY: ALEX NEWMAN

Dilemma

The Government(s) intend to use Biometrics as an ultimate authentication tool, can they let the private sector use, collect or even share “Governmental” Biometric records?

Are they wonder whether companies will sell biometric data of our body parts the way they sell email addresses and phone numbers?

A bipartisan group of U.S. Senators is teaming up with the Obama administration to legalize illegal immigrants and require biometric national ID cards for every American worker, prompting a swift and bipartisan backlash across the nation.

The proposal would unconstitutionally force nearly all Americans to obtain the new “tamper proof” Social Security cards while purporting to require that all employers purchase new $800 ID scanners. It would also provide a “path to citizenship” for the estimated 12 million to 20 million illegal immigrants currently living in America.

Led by Republican Senator Lindsey Graham of South Carolina and Democratic Senator Charles Schumer of New York, pro-amnesty and national ID legislators have already started the public relations campaign to build support for the “new and improved” version of “comprehensive immigration reform.” In a column published by the Washington Post entitled “The right way to mend immigration,” the two architects provided a superficial glimpse at their agenda. And though the piece is lacking in details, it reveals a dangerous agenda that Americans must oppose in order to maintain freedom.

“Our plan has four pillars: requiring biometric Social Security cards to ensure that illegal workers cannot get jobs; fulfilling and strengthening our commitments on border security and interior enforcement; creating a process for admitting temporary workers; and implementing a tough but fair path to legalization for those already here,” wrote Graham and Schumer. “We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card.”

The national ID cards would include a “unique biometric identifier,” according to Graham and Schumer. Some of the likely candidates include finger prints, retinal scans, or even the layout of a person’s veins in the top of their hand. Employers who refuse to “swipe the card” would face “stiff fines” and “prison sentences,” the Senators noted. “Our blueprint also creates a rational system for admitting lower-skilled workers,” they added.

President Obama promptly signaled his approval and pledged to “act at the earliest possible opportunity.” The White House released a statement noting that the President would do everything in his power to push the issue, and Obama called the Schumer-Graham proposal “a promising, bipartisan framework which can and should be the basis for moving forward.”

After the Democrats recent success in ramming through the wildly unpopular health care “reform,” analysts suggested the “momentum” from that victory could help Obama and the Democrats in their efforts to pass a variety of legislation – including immigration “reform.” And despite broad opposition by a majority of Americans, the agenda marches forward.

But the proposals are already meeting fierce resistance from legislators, citizens and non-profit groups. “This so-called comprehensive immigration reform really means amnesty for the 10 to 20 million illegal immigrants in America today,” explained Republican Representative Brian Bilbray of California, the chairman of the House Immigration Reform Caucus. “What part of the word ‘illegal’ doesn’t the president understand?”

Congressman Ron Paul’s Campaign for Liberty sent out an e-mail to supporters vowing to battle the proposal as well, warning that it was a “statist’s dream” and that the immigration issue was being used as “cover” for an even bigger agenda.

“Instead of controlling the border and enforcing the rule of law, these statists want to control you,” explained the group’s president, John Tate. “Allowing our government to have this much ‘prying power’ in our lives will ultimately result in the TOTAL loss of freedom.”

Tate noted in the letter that this sort battle often determines whether a country will remain free or descend into tyranny. “You see, once ‘well-meaning’ government bureaucrats know exactly how we live our lives, it won’t be long until they try to run them,” added Tate. “In fact, it will only be a matter of time until they spend their workdays making sure you and I don’t go anywhere we ‘shouldn’t,’ buy anything we ‘shouldn’t,’ read anything we ‘shouldn’t,’ eat anything we ‘shouldn’t’ or smoke anything we ‘shouldn’t.’”

In the media, commentators have also blasted the proposal. “Graham’s [Republican In Name Only] tactics will enable the President to turn illegal aliens into documented Democrats.  And in the process, hand the Federal Government yet another way to monitor and control our lives,” explained Roger Hedgecock in a piece for Human Events. “Opposition to this tyranny will come from all parts of our divided political spectrum,” he predicted.

And indeed, even the liberal American Civil Liberties Union is gearing up to fight the “bipartisan” effort. “It is fundamentally a massive invasion of people’s privacy,” said Chris Calabrese, the ACLU’s legislative counsel. “We’re not only talking about fingerprinting every American, treating ordinary Americans like criminals in order to work. We’re also talking about a card that would quickly spread from work to voting to travel to pretty much every aspect of American life that requires identification.”

These amnesty and biometric national ID proposals are dangerous for a lot of reasons. And this battle is a crucial one. The Social Security cards will quickly go from being required to work — which is bad enough itself — to being needed for everything imaginable, from health care to everyday purchases. But the problem is not a lack of biometric ID cards for the serfs; it is the wide open Southern border and the unconstitutional incentives encouraging illegal immigration.

Legalizing the tens of millions of illegal immigrants will harm America on several fronts. Not only does it send a loud message that the rule of law means nothing (except if it furthers statist aims), it will also fundamentally alter the voting dynamics of America. The true solution to the illegal immigration crisis is to stop providing perks like welfare to law breakers, and to properly police the border and defend the states from invasion.

Citizens must unite to defeat this effort. If Obama and his allies like Senator Graham manage to force this monstrosity on the American people, the last remaining semblances of freedom will be in critical danger. Americans already said no to amnesty under former President George W. Bush. Why would adding an unconstitutional national ID scheme with biometric data make it any more desirable? This is not the “change” people voted for, and it must be opposed.

Photo of Senators Schumer (left) and Graham: AP Images

The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the biometric ePassports with embedded Chip were too weak.

By: Michael Scott Moore | March 17, 2010 | 05:00 AM (PDT)

One detail from the assassination last month of a Hamas leader in Dubai should, at first glance, ease the minds of privacy experts. None of the hit team — widely suspected to be Israeli Mossad agents traveling under stolen identities — used newfangled biometric passports. The 11 members of the team traveling with falsified European identities, used old-fashioned, unchipped passports, according to Interpol.

Biometric passports were one of the most powerful and unobtrusive changes to international travel that the United States insisted on after Sept. 11, 2001. As a direct result of U.S. pressure, all EU governments introduced more-expensive passports after 2006 that included RFID microchips to broadcast basic personal information, including name and passport number, your photograph, your fingerprints, and (if it’s been collected) a retina scan of your eye.

Washington demanded these passports from friendly countries that maintained visa-free travel agreements with the United States. To stay in the visa-waiver program, Washington said after 2001, friendly nations would have to upgrade their passports to high-tech, microchipped “ePassports” with machine-readable data.

The new documents belonged to what Homeland Security Chief Michael Chertoff once envisioned as “a worldwide system of tripwires,” set off by personal data, “that make it easy for the vast amount of travelers to move along unimpeded but that make it dangerous and difficult for terrorists to do the same thing.”

But they upset privacy experts who argued that RFID chips radiated unsecured personal details to the world, making it easy for criminals with a simple machine to read them. The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the first biometric passports were too weak.

“By failing to implement an appropriate security architecture,” the group wrote in 2006, “European governments have effectively forced their citizens to adopt new international Machine Readable Travel Documents (MRTDs), which dramatically decrease security and privacy, and increase the risk of identity theft.”

After 2006, both America and the EU gave “second-generation” e-passports a measure ofsecurity” though whether they’re really a safe way to carry your data around will be a topic for a future column. The “Crypto Group” at Belgium’s University Catholique de Louvain, says no, and Europol argues that the supposedly secure passports are still vulnerable to counterfeiting by “determined” criminals.

But it’s significant that the team of assassins in Dubai who killed the Hamas commander, Mahmoud al-Mabhouh, used old-fashioned passports. Any group willing to send an international hit team after a man would have to qualify as “determined,” and Mossad, according to Victor Ostrovsky, a former Mossad officer interviewed recently on Australian radio, has a passport “factory” dedicated to making counterfeits. “They create various types of papers, every kind of ink,” he said. “It’s a very, very expensive research department.”

So the new ePassports are possibly too much of a headache ”for now” for such a sophisticated operation. But tests carried out by The Times of London in 2008 suggested that falsifying an ePassport wasn’t complicated at all, so there could be another reason why Mossad might have avoided using biometric documents. Namely: The databases themselves might be vulnerable.

Jerusalem hasn’t started to issue ePassports yet, and one argument used by their opponents in Israel is that an entire national database of personal details could be hacked and revealed wholesale to a government unfriendly to Israel — say, the United Arab Emirates. Then the border guards in that country would have a way of double-checking the identity of, say, a Mossad agent trying to enter. Then “every Israeli agent who gives his fingerprint at a biometric border control station is liable to be in danger of exposure,” according to the Israeli paper Ha’aretz.

“The fear … is not unfounded,” the paper continues. “A similar database, containing the identity details of Israeli citizens, was leaked a few years ago from the Interior Ministry and can be download today, for free.”

But Rafi Eitan, an Israeli politician and former Mossad officer, believes the agency’s intelligence talents will catch up. “By 2015 most countries will have moved over to biometric identification methods,” he told Ha’aretz. But “… this will not affect the various intelligence activities in the future, because I assess that the organizations engaging in this will find suitable ways to overcome the difficulties ”should there be any.”

There may come a time, in other words, when you’ll need the trappings of a government to do something as tricky as counterfeit a passport.

VIDEO: Cloning passport card RFIDs in bulk for under $250

By: The Kentucky Anti Real ID

The concept of a National ID card has been around for quite some time, back to at least the creation of the Social Security Number (SSN), and while (SSN) is a form of identification, it is not a National ID card in the sense that is being promoted in our time. The push for a National ID card in the modern era started back in the 80′s during the Reagan administration. Reagan, being the type of man he was, knew exactly what this would lead to and flat out rejected the concept. It was brought up in the Clinton administration as well, and while opposition to it was not as strong as Reagan’s, Clinton also did not sign off on a National ID card. Unfortunately, though the times have changed, I feel we can no longer trust our Federal government to operate in our best interest; it has severely broken with the Constitution and the ideals that founded this union. After 9/11 everyone was scared, angry, wanted protection from terrorism, and in that hysteria, most people did not care what it was or how it worked. As a result we got the PATRIOT Act written two years before 9/11 that gives the government the authority, among other things, to enter your house when you’re not there and to take anything. It’s called a “sneak and peak” (and they say trust us on healthcare). The Military Commission Act (MCA) was passed that has language so vague that it could catch average citizens in the category of a “threat” to the government and warrant the same treatment our government gives terrorists. During the process of making us safer a National ID card also became law in 2005 that was tacked onto a tsunami relief and military spending bill as a national security measure meant to guard against terrorism, illegal immigration and identity theft. Being attached to the type of bill that it was guaranteed no opposition, and so it sailed right through Congress straight to the President where it became law.

I will now remind everyone at this juncture what a couple of founding fathers has to say about Liberty and Security:

“I would rather be exposed to the inconveniencies attending too much liberty than to those attending too small a degree of it.”

-Thomas Jefferson

“Those willing to sacrifice Liberty for Security will get neither and deserve neither”

-Benjamin Franklin

The issue of REAL ID and all it entails is too complex to give in this medium, but I will give a brief overview and then direct you to a few sites where you can get all the dirty details. REAL ID is not just a National ID card but much more as it is an INTERNATIONAL ID card. When REAL ID became law, DHS had a non-negotiated rule making process, and so they inserted international regulations. The International Civil Aviation Organization (ICAO), a UN agency, are the ones charged with setting the ISOs for identification programs of the various participating countries, and there are a lot that are participating. The American Association of Motor Vehicle Administrators (AAMVA) will be the entity that will see to the implementation of REAL ID. AAMVA is American in name only. As they state on their website they are an international organization. Then there are the corporations, most prominently, a company called L1-Identity Solutions. This corporation has a monopoly on identification cards (i.e. drivers licenses) like Microsoft does on computer operating systems.

The required data on these cards will not just be our physical attributes for identification purposes but our religious, political, educational, medical, financial, sexual, firearms, and biometric data will be on this card. Considering the fact that all our information will be on this card and that the state DMV databases will have to be linked and consolidated, the information will be held primarily by one corporation, and our government will be sharing it with any “nation” of the world such as Canada, England, Mexico, Australia, Russia, China, or Iran to name very few. There is no possible way for our information to remain secure. The more information or data on us that is compiled and shared, the more likely it will be stolen (130 million credit card numbers stolen). Note that one of the pieces of data that will be collected is biometric. When most people think biometric, they think fingerprints, iris scans, DNA; however, the biometric of choice is facial recognition because it can be taken without your knowledge or consent. A mathematical algorithm will be used based on your facial features to assign you a specific number. Law enforcement personnel do not need numbers to identify you, but a camera and computer surely does, and we are well on our way to being a surveillance society more than you think we are.

By: Stephen Patrick Hoffman, University of Minnesota – Twin Cities

Abstract

Biometric identification techniques such as retinal scanning and fingerprinting have now become commonplace, but near-future improvements on these methods present troubling issues for personal privacy. For example, retinal scanning can be used to diagnose certain medical conditions, even ones for which the patient has no symptoms or has any other way of detecting the problem. If a health insurance company scans the retinas of potential clients before they purchase coverage, they could be charged higher premiums for conditions that do not present any issues. Not only is this unfair, but the ease with which these scans can be conducted—including scanning without the subject’s consent or knowledge—present disturbing privacy concerns and suggest an Orwellian future, instead controlled by Big Business rather than Big Brother.

INTRODUCTION

Imagine it is the year 2030. As you walk down your street to visit your favorite coffee shop, a camera mounted at the nearest intersection tracks your movements. Initially, you are just a set of pixels transmitted to a video screen somewhere; however, after your movement has been picked up by the camera, it uses algorithms based on general body and skull structure to pinpoint the location of your eyes. Once the camera has found your eyes, it projects an infrared beam of light into your eyes which would not be noticed because infrared light is not visible to the human eye. Using the reflection of the light from your retinas and choroids, the camera photographs the vasculature structure of your eyes and runs it against a database of known criminals, immigrants, and even people dissenting from popular opinion. If your retinal pattern matches that of a person listed in the database, the computer transmits this information to the proper authorities. All of this happens before you even step through the door of the coffee shop. This Orwellian1 future of an omnipotent Big Brother is not consistent with a free democracy subservient to the people.

However, this is not the only worrisome issue presented by this scenario—what if private companies, instead of the government, are the ones running those cameras? What if a health insurance company installs these cameras outside its offices to identify individuals and detect disorders and illnesses before they walk through the door? Retinal vascular patterns have been shown to anticipate future illnesses as well as conclusively identify several illnesses that the individual suffers from, and many of these are hereditary or genetic conditions. If the insurance company knows what you are susceptible to before you are personally aware or have been notified of, and uses this to refuse coverage or charge a higher premium for the policy you apply for, they have appropriated something extremely private of yours without consent and may use this knowledge to profit from your supposed “condition,” regardless of whether those future or current illnesses have manifested or will manifest themselves. Why should such an intrusive procedure be allowed without any concern to the privacy rights of those being examined?

Suggested Citation

Stephen Patrick Hoffman. 2010. “Biometrics, Retinal Scanning, and the Right to Privacy in the 21st Century“

Should our body be considered a form of property to government?

Biometrics and Security should enhance rather than conflict with individual privacy and dignity. As stated by the philosopher Immanuel Kant (1724-1804): “Human beings should never be treated as merely means to an end” – Namely, ‘Human beings are already the purpose, they must not be sacrificed to fulfill other purposes’.

By: JILL SCHENSUL – TRAVEL COLUMNIST

E-mail: schensul@northjersey.com

OK, let’s calm down for a second. I think it’s time to put this issue on whole body scanning — aka “TSA porn” — in perspective.

Yes, these scanners can put together a good idea of what’s underneath our traveling clothes. That’s the point, after all, when looking for concealed weapons. But some privacy groups, passengers and elected officials watching out for our modesty think the results are a little too creepily lifelike. As Rep. Jason Chaffetz, R-Utah, coiner of the TSA porn epithet, said: “Nobody needs to see my wife and kids naked to secure an airplane.”

The scans don’t exactly look like naked people. More like naked … avatars.

The TSA also says the machines have a program that blurs faces/identities. And they point out, on the Web page of information about the machines, that the scanner “does not store, print, transmit or save the image. All machines have zero storage capability and all images are automatically deleted from the system after they are reviewed by the remotely located security officer.” It’s not like you’ll be seeing yourself on some scangallery.com site in the future, or finding your head cloned onto some X-rated body.

Probably not, anyway.

An Internet watchdog group, the Electronic Privacy Information Center [EPIC], has obtained documents from the Department of Homeland Security suggesting that the TSA wasn’t being transparent about what the machines can do; apparently, there’s a “test mode” that does allow for data storage and the export of images. Only employees with high-level clearance can access this particular mode, though, and certainly those folks are too busy poring over lists of terrorists and the like to be unleashing such unflattering images upon cyberspace.

‘Virtual strip search’

No matter what their ultimate fate, even subjecting travelers to these scans is an egregious invasion of privacy — tantamount, according to the American Civil Liberties Union, to a “virtual strip search.”

Hello? When was the last time these protesters went through a security check?

Invasion of privacy is what it’s all about. A veritable humiliation, violation marathon, from shoe removal to pocket-emptying, from undoing belts to declaring underwire bras, from swabbing our laptops to disassembling our carry-ons and pawing through purses. And the ultimate de-privatization – usually reserved for the beep-producers – is to be ordered into wanding position, to stand in that Leonardo DaVinci arms-and-legs-spread mode and be subjected to hand scanning and hand-goosings that somehow seem to suck all the freedom out of your soul.

All done before an audience of your peers. Who get to watch the belts come off and the beer bellies bared and the plumber-butts revealed as the beltless pants begin sagging. All in all, I’ll take the scanner.

The more worrisome aspect of these new machines, to me, is the radiation issue. I just keep thinking of those rolls of fogged film I’d get back from the labs every so often. The long strip of nothing but eerie billows of gray, the fallout of overradiation.

So when the TSA tells us the new scanners’ X-rays are harmless, I think about the little sign they used to have at the security screening area, way back when, that assured us X-rays would not harm film up to 400 ASA. And I think about all that gray.

The TSA already has 40 whole body scanners at airports around the country, and, since the recent close call on Northwest Airlines Flight 253, has decided to buy and deploy nearly 450 more.

There are actually two types of scanners being tested. Experts in the field of radiation seem in agreement that millimeter wave technology, which uses radio frequency energy for scanning, is harmless.

Opinions vary on the safety of the backscatter machines, which use low-level X-rays. The dose of radiation is small – about 0.1 microrem of radiation, compared with 100 microrem for a chest X-ray or 10,000 microrem for a CT scan.

According to TSA officials, backscatter machines produce a clearer image.

Radiation danger?

In an article on the American College of Radiology’s Web site, Mayo Clinic neuroradiologist Peter Kalina questions the use of even small doses of ionizing radiation in non-medical applications. “The amount of radiation may be extremely small and safe, but parents have to grasp that their 4-year-old child is being subjected to radiation. Some parents will be concerned,” he says.

David J. Brenner, a Columbia University professor of radiation oncology and public health, worries about subjecting pregnant women to the scans, too. He also says that about 5 percent of the general population is radiosensitive, among them women who carry certain breast cancer genes.

The TSA says these scans will be voluntary – you can opt for the pat-down if you want.

Kalina is concerned about a potential scenario in which a less-developed nation might adopt backscatter scanning technology, but fail to keep its scanners calibrated. “As a traveler,” he has said, “I don’t know who’s checked that machine or equipment. Can I be sure there won’t be a larger dose of radiation coming from it?” I believe he said this before the recent discovery that 206 patients at Cedars-Sinai Medical Center in Los Angeles received eight times the normal dose of radiation from a CT scan machine with a computer-resetting error.

Risk-benefit analysis

But all these debates are secondary to the real question: Are the benefits worth the risks, hassle, humiliation and expense?

The new scanners might do a better job than the current technology but obviously have their drawbacks, and opinions vary on whether they can reliably detect weapons hidden in body cavities. And they’re simply an option – not even a terrorist can be forced into one.

The scanners are a good straw to grasp at after the latest high-profile oops in the security system was brought to light.

The problem is, every new measure is simply a reaction to the latest near-miss, a Band-Aid rather than a real systemic change for the better. Various tech companies that make the equipment will certainly benefit in the short term, but will the cost and the risks really benefit the war on terrorism and make us safer?

I’m with Bruce Schneier, an internationally recognized security technologist who said that while whole-body-imaging technology “works pretty well,” the financial investment is a mistake. He believes money would be better spent on intelligence-gathering and investigations.

“It’s stupid to spend money so terrorists can change plans,” he said by phone from Poland, where he was speaking at a conference. If terrorists are swayed from going through airports, they’ll just target other locations, such as a hotel in Mumbai, India, he said.

But the orders are already in for another 100 of these machines. So, well, we’ll deal with it. I’m going to opt for the whole scan thing, especially if I don’t have to take off my shoes. And the new option should at least cut down on the incidence of plumber butt.

But technology is just one link in the security system.

And as the recent incident shows, no matter how much intelligence we gather, no matter how many alert systems we put in place, they’re useless if ignored.

The FBI says the used an image found on Google of Spanish lawmaker Gasper Llamazares, right, to create a digitally altered photo of what an aged Osama bin Laden might look like, as reported by El Mundo. Madrid, Spain – A Spanish lawmaker says he was stunned to find that the FBI used his photograph as part of a digitally enhanced image showing what Osama bin Laden might look like today.

Gaspar Llamazares says he would no longer feel safe in the U.S. after his hair and other features appeared on a wanted poster showing an older bin Laden on a U.S. government Web site rewardsforjustice.net. A reward of up to $25 million is offered.

Spanish newspaper El Mundo, which noted the similarities between the bin Laden composite and Mr. Llamazares, quotes FBI spokesman Ken Hoffman as acknowledging that the agency used a picture of Llamazares taken from Google Images for the digitally altered image of bin Laden.

The photo appeared on a U.S. State Department Web site rewardsforjustice.net, where a reward of up to $25 million is offered for bin Laden, wanted in the Sept. 11, 2001 attacks and the 1998 U.S. embassy bombings in Tanzania and Kenya.

Llamazares said he planned to ask the U.S. government for an explanation and reserved the right to take legal action.

FBI headquarters in Washington did not respond immediately when asked for comment Saturday, requesting that questions be sent to them by e-mail. The State Department told a reporter to call back Tuesday after the U.S. federal holiday on Monday.

Llamazares said he couldn’t believe it when he was first told about the similarity, but he quickly realized the seriousness of the situation.

The 52-year-old politician said he would not feel safe traveling in the U.S. now, because many airports use biometrics technology that compares the physical characteristics of travelers to passport or other photographs.

“I have no similarity, physically or ideologically, to the terrorist bin Laden,” he said.

They do share on characteristic — both are 52.

Jose Morales, spokesman for Llamazares’ party, told the Associated Press that no one in Spain had any idea that important security computer images such as the retouched bin Laden photo were built up from photographs of real people. Llamazares, the former leader of his party, was elected to Spain’s parliament in 2000.

Llamazares said it was worrying to see elite security services like the FBI resorting to such sloppy techniques, especially in the light of recent security alerts like the attempted Christmas Day bombing of a Detroit-bound airplane.

“It might provoke mirth, but it demonstrates that what we’re seeing from security services isn’t exactly recommendable,” he said.

Bin Laden is believed to be hiding in the lawless Pakistan frontier bordering Afghanistan. His exact whereabouts have been unknown since late 2001, when he and some bodyguards slipped out of the Tora Bora mountains, evading air strikes, U.S. special forces and Afghan militias.

The U.S. State Department Web site shows the photos and bounty on bin Laden and 41 others wanted for terrorism.

By Duncan Gardham, Security Correspondent

Osama bin Laden and Winona Ryder: airport face scanners reportedly cannot tell the difference Photo: GETTY; EPA

In a leaked memo, an official says the machines have been recalibrated to an “unacceptable” level meaning travellers whose faces are shown to have only a 30% (Thirty per cent) likeness to their passport photographs can pass through.

The machines, undergoing trials at Manchester airport, have apparently been questioning so many passengers’ identities that they were creating huge queues.

The technology was designed to help immigration officials spot people traveling under false passports, particularly terrorists, but the multi-million pound scheme now appears to be in jeopardy.

In the email, the official says: “Update on the calibration – the facial recognition booths are letting passengers through at 30%.

“Changes appear to have been made without any explanation [or] giving anyone a reason for the machines [creating] what is in effect a 70% error rate.

“[The fact that] the machines do not operate at 100% is unacceptable. In addition it would be interesting to know why the acceptance level has been allowed to decrease.”

Rob Jenkins, an expert in facial recognition at Glasgow University’s psychology department, said lowering the match level to 30 per cent would make the system almost worthless.

Using facial recognition software from Sydney airport in Australia set at 30 per cent, he found the machines could not tell the difference between Osama bin Laden and the actors Kevin Spacey or even the actress Winona Ryder while Gordon Brown was indistinguishable from Mel Gibson.

Announcing a trial of five of the devices at Manchester airport last August, Jacqui Smith, the Home Secretary, said they would improve security by making it more difficult for terrorists using false passports.

At the moment the technology is only being used on British and European travelers on “high risk” flights but it is planned to extend the technology to almost all non-European Union citizens by the end of 2010.

Patrick Mercer, chairman of the House of Commons subcommittee on counter-terrorism, said he would be asking the UK Borders agency about the warnings.

The Home Office said: “We can categorically confirm that the gates are making the same high level of checks on the British and European passengers using them as they were when the trials began in August last year.

“Previous tests show that they system can reliably pick out imposters and even distinguish between identical twins. An immigration officer supervises the whole process and will intervene where necessary.”

http://www.thestar.com/news/world/article/744199—israelification-high-security-little-bother
The ‘Israelification’ of airports: High security, little bother
Cathal Kelly Staff Reporter 

Voyeurism Security

While North America’s airports groan under the weight of another sea-change in security protocols, one word keeps popping out of the mouths of experts: Israelification.

That is, how can we make our airports more like Israel’s, which deal with far greater terror threat with far less inconvenience.

“It is mindboggling for us Israelis to look at what happens in North America, because we went through this 50 years ago,” said Rafi Sela, the president of AR Challenges, a global transportation security consultancy. He’s worked with the RCMP, the U.S. Navy Seals and airports around the world.

“Israelis, unlike Canadians and Americans, don’t take s— from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for — not for hours — but 30 or 40 minutes, all hell broke loose here. We said, ‘We’re not going to do this. You’re going to find a way that will take care of security without touching the efficiency of the airport.”

That, in a nutshell is “Israelification” – a system that protects life and limb without annoying you to death. 
Despite facing dozens of potential threats each day, the security set-up at Israel’s largest hub, Tel Aviv’s Ben Gurion Airport, has not been breached since 2002, when a passenger mistakenly carried a handgun onto a flight. How do they manage that?

“The first thing you do is to look at who is coming into your airport,” said Sela.

The first layer of actual security that greets travellers at Tel Aviv’s Ben Gurion International Airport is a roadside check. All drivers are stopped and asked two questions: How are you? Where are you coming from?

“Two benign questions. The questions aren’t important. The way people act when they answer them is,” Sela said.

Officers are looking for nervousness or other signs of “distress” — behavioural profiling. Sela rejects the argument that profiling is discriminatory.

“The word ‘profiling’ is a political invention by people who don’t want to do security,” he said. “To us, it doesn’t matter if he’s black, white, young or old. It’s just his behaviour. So what kind of privacy am I really stepping on when I’m doing this?”

Once you’ve parked your car or gotten off your bus, you pass through the second and third security perimeters.
Armed guards outside the terminal are trained to observe passengers as they move toward the doors, again looking for odd behaviour. At Ben Gurion’s half-dozen entrances, another layer of security are watching. At this point, some travellers will be randomly taken aside, and their person and their luggage run through a magnometer.

“This is to see that you don’t have heavy metals on you or something that looks suspicious,” said Sela.
You are now in the terminal. As you approach your airline check-in desk, a trained interviewer takes your passport and ticket. They ask a series of questions: Who packed your luggage? Has it left your side?

“The whole time, they are looking into your eyes — which is very embarrassing. But this is one of the ways they figure out if you are suspicious or not. It takes 20, 25 seconds,” said Sela.

Lines are staggered. People are not allowed to bunch up into inviting targets for a bomber who has gotten this far.

At the check-in desk, your luggage is scanned immediately in a purpose-built area. Sela plays devil’s advocate — what if you have escaped the attention of the first four layers of security, and now try to pass a bag with a bomb in it?

“I once put this question to Jacques Duchesneau (the former head of the Canadian Air Transport Security Authority): say there is a bag with play-doh in it and two pens stuck in the play-doh. That is ‘Bombs 101′ to a screener.. I asked Ducheneau, ‘What would you do?’ And he said, ‘Evacuate the terminal.’ And I said, ‘Oh. My. God.’

“Take Pearson. Do you know how many people are in the terminal at all times? Many thousands. Let’s say I’m (doing an evacuation) without panic — which will never happen. But let’s say this is the case. How long will it take? Nobody thought about it. I said, ‘Two days.’”

A screener at Ben-Gurion has a pair of better options.
First, the screening area is surrounded by contoured, blast-proof glass that can contain the detonation of up to 100 kilos of plastic explosive. Only the few dozen people within the screening area need be removed, and only to a point a few metres away.

Second, all the screening areas contain ‘bomb boxes’. If a screener spots a suspect bag, he/she is trained to pick it up and place it in the box, which is blast proof. A bomb squad arrives shortly and wheels the box away for further investigation.

“This is a very small simple example of how we can simply stop a problem that would cripple one of your airports,” Sela said.

Five security layers down: you now finally arrive at the only one which Ben-Gurion Airport shares with Pearson — the body and hand-luggage check.

“But here it is done completely, absolutely 180 degrees differently than it is done in North America,” Sela said.
“First, it’s fast — there’s almost no line. That’s because they’re not looking for liquids, they’re not looking at your shoes. They’re not looking for everything they look for in North America. They just look at you,” said Sela. 

“Even today with the heightened security in North America, they will check your items to death. But they will never look at you, at how you behave. They will never look into your eyes … and that’s how you figure out the bad guys from the good guys.”

That’s the process — six layers, four hard, two soft. The goal at Ben-Gurion is to move fliers from the parking lot to the airport lounge in a maximum of 25 minutes.
This doesn’t begin to cover the off-site security net that failed so spectacularly in targeting would-be Flight 253 bomber Umar Farouk Abdulmutallab — intelligence. In Israel, Sela said, a coordinated intelligence gathering operation produces a constantly evolving series of threat analyses and vulnerability studies. 

“There is absolutely no intelligence and threat analysis done in Canada or the United States,” Sela said. “Absolutely none.”

But even without the intelligence, Sela maintains, Abdulmutallab would not have gotten past Ben Gurion Airport’s behavioural profilers.

So. Eight years after 9/11, why are we still so reactive, so un-Israelified?

Working hard to dampen his outrage, Sela first blames our leaders, and then ourselves.

“We have a saying in Hebrew that it’s much easier to look for a lost key under the light, than to look for the key where you actually lost it, because it’s dark over there. That’s exactly how (North American airport security officials) act,” Sela said. “You can easily do what we do. You don’t have to replace anything. You have to add just a little bit — technology, training.. But you have to completely change the way you go about doing airport security. And that is something that the bureaucrats have a problem with. They are very well enclosed in their own concept.”

And rather than fear, he suggests that outrage would be a far more powerful spur to provoking that change.
“Do you know why Israelis are so calm ? We have brutal terror attacks on our civilians and still, life in Israel is pretty good. The reason is that people trust their defence forces, their police, their response teams and the security agencies.

They know they’re doing a good job. You can’t say the same thing about Americans and Canadians. They don’t trust anybody,” Sela said. “But they say,… ‘ So far, so good…’ Then if something happens, all hell breaks loose and you’ve spent eight hours in an airport. Which is ridiculous. Not justifiable

“But, what can you do? Americans and Canadians are nice people and they will do anything because they were told to do so and because they don’t know any different.”

By Jonathan Kent,  BBC News, Kuala Lumpur

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

Accountant K Kumaran’s ordeal began when he was run down by four men in a small car as he was about to get into his Mercedes in a Kuala Lumpur suburb.

The gang, armed with long machetes, demanded the keys to his car.

It is worth around $75,000 second-hand on the local market, where prices are high because of import duties.

Stripped naked

The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.

But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner’s fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road – but not before cutting off the end of his index finger with a machete.

Police believe the gang is responsible for a series of thefts in the area.

Letter

Executive Committee Home

Submitted by MacRonin on December 13, 2009 – 7:00pm

Real ID Follies Continue with PASS ID Waiting in the Wings: Via EFF.org Updates.

Since 2007, the U.S. State Department has been issuing high-tech “e-passports,” which contain computer chips carrying biometric data to prevent forgery. Unfortunately, according to a March report from the Government Accountability Office (GAO), getting one of these supersecure passports under false pretenses isn’t particularly difficult for anyone with even basic forgery skills.

As 2009 draws to a close, we’re inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.)

The official deadline for states to comply with the Department of Homeland Security’s (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?

Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. Early in 2008, states that actively opposed Real ID received waivers from DHS, nominally marking the states as “compliant” despite strongly-stated opposition to ever implementing Real ID.

But waiting in the wings is PASS ID, a bill that attempts to grease the wheels by offering money to the states to implement ID changes. Despite having the appearances of reform, PASS ID essentially echoes Real ID in threatening citizens’ personal privacy without actually justifying its impact on improving security. For this reason, PASS ID is not popular — privacy advocates refuse to support the bill because it still creates a national ID system. It still mandates the scanning and storage of applicants’ critical identity documents (birth certificates, visas, etc.), which will be stored in databases that will become leaky honeypots of sensitive personal data — prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. And on the other side, short-sighted surveillance hawks are unhappy with the bill because they support the privacy violations architected into the provisions of the original Real ID Act.

As such, advocates of PASS ID are publicly wringing their hands over the deadline in order to encourage Congress to approve the PASS ID Act before the end of the year. But the fracas over health reform is suffocating any chance for meaningful debate about the merits of PASS ID before the Dec. 31st deadline.

A pragmatic analysis should show that Real ID is dead. To date, 24 states have enacted resolutions or binding legislation prohibiting participation in Real ID, and the varied, desperate efforts to reanimate it are misguided. Whether the states or the federal government signs the invoice, the cost ultimately falls to taxpayers, who should be troubled that neither Real ID nor PASS ID is likely to fulfill the stated goal of stopping terrorists from obtaining identity documents. (Just this week, noted security expert Bruce Schneier linked to a report about government investigators successfully using fake identity documents to obtain high-tech “e-passports,” which were then used to buy plane tickets, and board flights — the point being that a fancy, “secure” identity document doesn’t stop individuals from exploiting a weak bureaucracy.)

On the other hand, the resulting databases filled with scanned identity documents will, create tantalizing targets for identity thieves and headaches for people whose digital documents are pilfered; and a national ID system will invite mission creep from the government as well as private entities like credit reporting agencies and advertisers. It’s high time for reason to replace the reflexive defense of a failed scheme. Congress should repeal Real ID for real and seek more inspired, protective solutions to identity document security.

ISRAEL at Risk of Not Being a Democracy Anymore: Knesset Approves INVASIVE ‘Biometric Law’

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” - Not any more – Israel democracy is now controlled by superficial politicians…

Black Day for Democracy

By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.