From the diaries by susanhbu. As most of you are US citizens, you may or may not be aware of the chilling welcome the United States extends to its guests: Arriving air passengers are required to submit to electronic fingerprinting of both index fingers, and to a scan of the right retina.
Way over the top by international standards, the stated justification for this $10 billion program is (you guessed it) “international terrorism”.
Now, a scientist from Stanford University has identified a significant hole in the fingerprint component of the system. More below the jump, PLUS HOW TO make your own fake fingerprints!
From Science Daily:
Fingerprinting Study Sets Off Alarm Bells
Last autumn, Lawrence Wein [Paul E. Holden Professor of Management Science at Stanford University] detected a serious problem in the federal government’s US-VISIT program, designed to capture terrorists entering American airports by checking their fingerprints.
Named with the same breathtaking Orwellian boldness that brought us the “PATRIOT” Act and “No Child Left Behind”, the US-VISIT program requires visitors to the US to disclose more personal data than any other country:
Under the US-VISIT program now in effect, U.S. Customs officials at airports lay each foreign visitor’s two index fingers down on a special pad and then wait while the computer compares the images against the fingerprints stored in the system of several million known criminals and suspected terrorists. When the computer detects a match, a person is quietly sequestered for further investigation.
(The retinal scans are apparently not being used as yet. The idea is that the US will eventually require visitors to carry machine-readable passports which encode retinal information. Nationals of countries included in the Visa Waiver Program must present a machine-readable biometric passport as of October 2005.)
According to this article, The fingerprint system has
- a reliability of 96%, and
- a false positive rate of 3 in 1000
Given that in fiscal 2004 close to 31 million non-immigrants entered the US (link), that means that some 93,000 visitors must have been “quietly sequestered” last year. Welcome, stranger!
Ah, but can the system catch terrorists?
Wein has found that its performance degrades when fingerprint quality is not good. Using mathematical models, Wein, along with Manas Baveja, a doctoral student at the Institute for Computational and Mathematical Engineering and a science fellow at the Center for International Security and Cooperation, has specifically determined that when image quality is poor, accuracy drops to 53 percent. “About 5 percent of the general public and 10 percent of those on the watch list have bad quality fingerprints due either to genetics or hard labor,” Wein says. It’s those small percentages that can evade the system–with potentially huge consequences. “We assume that terrorist organizations will eventually defeat the US-VISIT program by employing a majority of people whose fingerprint quality is either naturally bad or deliberately made so,” he says.
The long-term solution: get more information.
“We found that instead of scanning two index fingers, scanning eight to 10 fingers will result in a 95 percent detection probability, even when fingerprint quality is bad,” Wein says.
It goes without saying that expanding the current system from two to eight fingers will “necessitate expensive hardware and major disruptions”.
The short-term solution is to loosen the detection thresholds for poor images while tightening them for better-quality images; apparently, Wein and Co. calculate that this does not increase the processing overhead over all, so that no additional staff is required.
Such an adjustment should raise the likelihood of catching suspects with the worst quality images from 53 to 73 percent.
There are two things that are implicit here:
- Looser criteria mean more false positives in the “fuzzy prints” group.
- Fewer false positives will be generated in the “clear prints” group – fewer people in this group will get hassled.
In other words, the short-term fix is to bias the system against persons with fuzzy prints, which will include a disproportionate number of manual workers.
So essentially, “we” have an expensive system that cannot reliably identify terrorists. It generates a number of false positives that is enormous in the aggregate, creating inconvenience – or a great deal worse – for foreign nationals lawfully visiting the United States. It is biased against people who work with their hands. And it records personal biometric information on all visitors, lawful or not. Welcome, world!
But now for the good news:
The creative and fun-loving (mostly) guys at Germany’s Chaos Computer Club (CCC)have posted this handy guide on How to Fake Fingerprints. This step-by-step illustrated guide tells you all you need to know to make fake fingerprints in the comfort of your own home – check it out!