• tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    8 months ago

    privacy

    Ultimately, there are too many databases with people’s fingerprints out there, and my expectation is that they’re gonna leak at some point.

    So that means two things:

    • First, don’t use biometrics to check identity unless you’re in a position where a person forging them can actually be checked for forged biometrics and get in trouble if caught. Like, customs at an airport, where you could see if someone has fake caps on their fingers or something. Biometrics cannot normally be invalidated. If it leaks and you’re using the fingerprints to authenticate yourself to, say, your laptop or your bank or something, you can never invalidate those credentials, and people will always be able to get into your bank account. Specifically in the case of fingerprints, it’s often not even that hard to get ahold of a specific individual’s biometrics – you leave a record of them on any smooth surface that you touch.

    • Second, if you’re in a position where you don’t want to leave behind a signature, you might want to wear something that masks biometrics. If you have widely-leaked biometrics databases floating around that anyone can get access to, and you, say, put your hand on something, you’ve just left a signature that anyone can map to identity. Maybe bring back gloves, say. I don’t think that we’re at a point where there are systems that can do iris scans at a distance without someone knowing. Facial recognition is definitely doable at a distance, and that happens today. People at political protests who are worried about being identified, some military people, stuff like that, will mask their face. Maybe it makes sense to roll back anti-mask laws if facial databases are gonna be floating around. I dunno about gait recognition, whether that’s sufficiently-unique to distinguish among a large number of people at a distance.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      8 months ago

      A “database of fingerprints” would only contain checksums. They can be used to verify the result of a reading but not to get the whole print.

      Most of the time they don’t even contain that. The primary checksum is stored only on the ID, which outputs a secondary one, which is matched against a verification checksum produced independently by a reader.

      The national database doesn’t need any of those, it holds the person ID numbers and their civil status and stuff like that not how they are verified.

      • MilderRichter@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        A “database of fingerprints” would only contain checksums

        that’s the case for fingerprint readers in phones/laptops

        But does that also apply to prints collected for government ID cards?

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          7 months ago

          But does that also apply to prints collected for government ID cards?

          Most probably, for several reasons:

          1. If the government or a goverment organization wants to fake the fact you’ve presented your fingerprints somewhere they can just fake the results of the checkup itself. And if they’re up to this level of fuckery it’s probably a short distance to where they just imprison or kill you, so having your prints faked is the least of your problems.
          2. If the goverment is well-meaning they don’t want to store fingerprints because they’re not needed and they’d just be storing highly sensitive personal information that, if ever breached, could be used for all kinds of shenanigans. The best way to protect data is to not have it in the first place.
          3. The goal of these systems is to log and attest the checks, not the fingerprints. They document the fact that at a certain time and location the checksums for a set of biometrics did or did not match some reference checksums. They don’t care what those biometrics mean, or what the result of the check being passed or failed means, or what the actual biometrics are (we’re talking about fingerprints here but there’s lots of biometrics that can be used).
          4. Storing actual biometrics would take a lot more space and add complexity. The checksums are much smaller and simpler.
  • nivenkos@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    This is a good ruling.

    Now if only they’d scrap the ones against CCTV and facial recognition, we can build a safer society without street crime.

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      We’ve had biometic Id for ages, it hasn’t impacted street crime much one way or the other.

      Lower inequality and a safety net, thought? Does wonders.