Today Holland and Knight points us to this proposal by the Department of Homeland Security:
The Department of Homeland Security (DHS) proposes to establish an exit program at all air and sea ports of departure in the United States. It would require aliens who are subject to the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program biometric requirements upon entering the United States to provide biometric information to commercial air and vessel carriers before departing from the United States at air and sea ports of entry. It does not propose to apply these requirements to persons departing the United States on certain private carriers or small carriers. Comments on the proposal should be submitted by June 23.
Notice Of Proposed Rulemaking (April 24, 2008)
This proposal worries me for a few reasons. First, proposals made by the US are always considered and often implemented by other maritime nations, meaning the likelihood that my biometric data, and that of seamen worldwide, will soon be required and subsequently stored in foreign databases just increased. This is a problem. The US itself has a less than stellar record in the protection of personal information; can we expect less prosperous nations to succeed where we have failed?
The reason biometrics are of particular concern is the permanence of the data coupled with the common practice of using them as passwords to gain access to secure data and facilities. To understand the issue we first ask the question: what is a password?
At the most basic level a password is a secret known only by authenticated users or devices and an authentication system. The most common use of this system is the keys in your pocket. Each tumbler in your home, car or office shares a secret with a specific key that you carry. You do not know the secret, but bring your keychain or a disassembled tumbler to a locksmith and the secret will be revealed. Another example is your credit card. The magnetic strip on your card contains a complex password known only to it and your bank’s authentication system. Now purchase an inexpensive credit card swiper, glue the device to an ATM machine and soon you will have the private information of unsuspecting consumers.
The weak link of any password system is the specific times when the secret is not explicitly held by the two devices. This can be when a third party processes your data or during transit across the internet. Going back to our analogy, you are safe when your keys are in your pocket, but leave them in your office drawer for an hour or mail them to a friend and the secret is no longer under your direct control. You are less safe.
At this point I hope my writing is clear enough to make you worry about your house keys. Don’t. The ordinary key has three significant advantages. First, it’s a system tested by time. Second, it’s a system well understood by all users. Third, after losing your key or realizing it could have been copied, you can quickly have a new tumbler installed in your door. This third point is shared by more complicated, less tested systems. Lose your credit card, the bank sends you a new one. Think your computer password has been stolen, change it.
This brings us to the problem with biometrics. As a system used for the identification of an individual nothing is better, but as a means of authentication it has one serious flaw: it can’t be replaced when the secret is compromised.
Now let’s say the crude oil facility in Valdez, Alaska starts implementing a biometric fingerprint system as the sole means of authorizing access into the terminal. If someone lifts your fingerprints, the secret is suddenly known by a third person and is compromised. Here lies the problem. Your secret, held on the tips of your fingers, cannot be replaced. Only you can be replaced, something your company may be willing to do.
What if the thief digitizes those prints and uploads them to a web server? The secret is known to the world and any authentication system (worldwide) using biometrics is now compromised for your use.
To solve this problem the Department of Homeland Security should publish the fingerprints of every US citizen and foreign national in its database.
You see, the problem with biometrics is not in identification, it’s in authentication. To make this clear, open your wallet again. You have more than one card, right? Let’s examine the contents:
You have individual credit and ATM cards that authenticate your use of individual banking services. It is very unlikely you would be willing to keep all your financial information on one card because it would get more use than any individual card (more opportunities for theft by vendors) and, if stolen, would give the thief access to the summation of your balances and credit. It would also give the thief a choice of target institutions, allowing him to choose the bank with the lowest level of security. Having all your eggs in one basket is never a good idea.
Just as compartmentalizing your finances is sound practice, so is compartmentalizing access to secure facilities. If your fingerprints are stolen in Valdez it’s unlikely a terrorist would be able to access the robust security system at the local terminal, but he could easily email those fingerprints to friends near a less secure refinery in Mississippi, or Mumbai, India.
While credit cards are an authentication system, your driver’s license is an identification card. The information contained on the card (name, address) is public knowledge published yearly and delivered to the doorstep of every individual within 50 miles of your house (Hint: it’s a large yellow book). The other information on the card (age, height, hair color) is held at the library where you grew up and published on the internet by a myriad of companies that digitize high school yearbooks.
Go to any retail store in California and you will be asked to show your license when making a credit card purchase. Can we not have an authentication and identification system at our ports and waterfront facilities?
Cash is the final item carried in every wallet. This system works because vast amounts of government resources go into its production. If in doubt about the validity of a dollar bill you can bring it to any bank and have it verified, and the Secret Service spends an incredible amount of its resources finding counterfeiters. The bill works because you trust its makers.
Biometrics are an excellent means of identification but fail when used for authentication. Access to secure facilities needs to be compartmentalized, with each facility sharing an individual secret with its authorized users. This should be used in combination with biometrics as a means of both identifying and authorizing an individual before granting access.
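The split argued for above, sketched as an added example that is not part of the original post: the fingerprint only identifies the person, while each facility issues its own replaceable secret that does the authenticating. The `Facility` class, its `enroll` and `admit` methods, and the fingerprint string are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Facility:
    """Identifies a person by fingerprint ID, authenticates by a per-facility secret."""

    def __init__(self, name):
        self.name = name
        self._records = {}  # fingerprint_id -> (salt, digest of current secret)

    @staticmethod
    def _digest(salt, secret):
        # The secret is a random 128-bit token, so a salted hash is enough here.
        return hashlib.sha256(salt + secret.encode()).digest()

    def enroll(self, fingerprint_id):
        """Issue a fresh secret; enrolling again replaces (revokes) the old one."""
        secret = secrets.token_hex(16)
        salt = secrets.token_bytes(16)
        self._records[fingerprint_id] = (salt, self._digest(salt, secret))
        return secret

    def admit(self, fingerprint_id, secret):
        record = self._records.get(fingerprint_id)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._digest(salt, secret))


def demo():
    valdez, refinery = Facility("Valdez"), Facility("Mississippi refinery")
    fp = "constructed-fingerprint-template-01"  # treated as public, not secret
    valdez_secret = valdez.enroll(fp)
    refinery.enroll(fp)
    out = {
        "print_only": valdez.admit(fp, ""),
        "valdez_secret_at_refinery": refinery.admit(fp, valdez_secret),
        "valdez_secret_before_reissue": valdez.admit(fp, valdez_secret),
    }
    new_secret = valdez.enroll(fp)  # the "new tumbler": old secret stops working
    out["old_secret_after_reissue"] = valdez.admit(fp, valdez_secret)
    out["new_secret_after_reissue"] = valdez.admit(fp, new_secret)
    return out


if __name__ == "__main__":
    for check, admitted in demo().items():
        print(f"{check}: {admitted}")
```

A secret that leaks at one facility is useless at the other and stops working at its own facility once a new one is issued, which is the property a fingerprint used alone cannot offer.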
Critical to the implementation of this idea is the publication of the Department of Homeland Security’s biometric database. Like cash, this gives the data validity and assures it won’t be hacked by terrorist cells. Most importantly, publishing the data reveals “the secret”, making its use as an authentication method instantly useless and preventing discrimination against employees whose biometric data has been compromised.
We must do this soon before countries worldwide look to implement their own secret databases of foreign worker identities.
What are your thoughts?