?

Log in

No account? Create an account
 
 
04 April 2005 @ 05:56 pm
Really, it does  
RFID Kills. This is another example of just how poorly our government plans / thinks about / executes security policy.
 
 
 
lio on April 4th, 2005 11:49 pm (UTC)
So... stupid.

The point to any security system is to identify and authorize people. Security checkpoints match an authorized person with an authorized activity. The very fact that people have to carry some kind of ID card or chip or whatever is just a monkey wrench in the whole works. Those things can be faked or stolen. What we need is a fast and accurate system that can identify people WITHOUT the need for cards or chips. Palm readers or retinal scanners are probably a better step towards eliminating identity theft. Those systems aren't perfect yet, but I think the R&D in that area would be time/money well spent.
Hoc Est Qui Sumusdiscoflamingo on April 5th, 2005 07:07 pm (UTC)
The point to any security system is to identify and authorize people.

I've been reading Bruce Schneier a lot lately, and he makes the point that there are three major tasks we are trying to accomplish with an ID system - identification, authentication, and authorization. Some systems try to do all three when they only need to do two, and some don't do three when they only do one. A system needs to be designed, from the ground up, to do exactly what its users need it to do. This is why using Social Security cards/numbers and mother's maiden names as identifiers rarely works as authentication mechanisms, since all it gets you is a unique number that is (essentially) public information.

What we need is a fast and accurate system that can identify people WITHOUT the need for cards or chips. Palm readers or retinal scanners are probably a better step towards eliminating identity theft. Those systems aren't perfect yet, but I think the R&D in that area would be time/money well spent.

Biometrics only work in this area with access to a large database of accurate information taken from willing people (i.e. non-terrorists). This creates another problem of securing that database. Also, palm and finger prints change over time, so false negatives will be a significant problem. In a situation like this, you need multiple tokens to authenticate a person easily - taking a fingerprint scan and comparing a photo id may be more useful than comparing the fingerprint to an existing one, since it makes the system less brittle.

I could go on about this in a more focused fashion, but I'm a little wired from caffeine lately.