Comments on: DHS Biometric Database – Concerns And A Controversial Solution http://gcaptain.com/maritime/blog/dhs-biometric-database-concerns-and-a-controversial-solution/ A Blog About Ships Thu, 18 Mar 2010 19:11:05 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: admin http://gcaptain.com/maritime/blog/dhs-biometric-database-concerns-and-a-controversial-solution/comment-page-1/#comment-10725 admin Wed, 30 Apr 2008 13:45:35 +0000 http://gcaptain.com/maritime/blog/?p=1450#comment-10725 Excellent comment, thanks John! Excellent comment, thanks John!

]]> By: admin http://gcaptain.com/maritime/blog/dhs-biometric-database-concerns-and-a-controversial-solution/comment-page-1/#comment-13357 admin Wed, 30 Apr 2008 11:45:35 +0000 http://gcaptain.com/maritime/blog/?p=1450#comment-13357 Excellent comment, thanks John! Excellent comment, thanks John!

]]> By: John Pettitt http://gcaptain.com/maritime/blog/dhs-biometric-database-concerns-and-a-controversial-solution/comment-page-1/#comment-10520 John Pettitt Sun, 27 Apr 2008 00:24:17 +0000 http://gcaptain.com/maritime/blog/?p=1450#comment-10520 It turns out that "who are you" is a really difficult question to answer reliably. If you've watched mythbusters you'll know that fingerprint scanner can be defeated pretty easily. Good security uses two or three independent factors to authenticate users. Something you have (say and ID), something you know (a PIN or password) and something you are (retina or fingerprint scan). Single factor security is generally easy to beat. All of that assumes the right person got entered into the database in the first place. That's much more problematic because the source documents we use to prove ID are completely independent of the the actual person (eg a social security card and a birth certificate gets you a drivers license and a passport). In the commercial world (credit cards are a good example) a certain level of ID fraud is a cost of doing business. There comes a point where increased security costs more than the losses it's trying to prevent and the "insult rate" (when legitimate transactions are declined by an over zealous system) becomes a problem. John (apart from doing HD-SF.com time-lapse I used to write credit card fraud detection software) It turns out that “who are you” is a really difficult question to answer reliably. If you’ve watched mythbusters you’ll know that fingerprint scanner can be defeated pretty easily. Good security uses two or three independent factors to authenticate users. Something you have (say and ID), something you know (a PIN or password) and something you are (retina or fingerprint scan). Single factor security is generally easy to beat.

All of that assumes the right person got entered into the database in the first place. That’s much more problematic because the source documents we use to prove ID are completely independent of the the actual person (eg a social security card and a birth certificate gets you a drivers license and a passport).

In the commercial world (credit cards are a good example) a certain level of ID fraud is a cost of doing business. There comes a point where increased security costs more than the losses it’s trying to prevent and the “insult rate” (when legitimate transactions are declined by an over zealous system) becomes a problem.

John (apart from doing HD-SF.com time-lapse I used to write credit card fraud detection software)

]]>