Ben Goldacre

The Guardian

Saturday November 24 2007

Sometimes just throwing a few long words around can make people think you know what you’re talking about. Words like “biometric”. When Alistair Darling was asked if the government will ditch ID cards in the light of this week’s data cock-up, he replied: “The key thing about identity cards is, of course, that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.”

Yes, that’s the problem. We need biometric identification. Fingerprints. Iris scans. Gordon Brown says so too: “What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary.”

Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20. Take a finger and make a cast with the moulding plastic sold in hobby shops. Then pour some liquid gelatin (ordinary food gelatin) into that mould and let it harden. Stick this over your finger pad: it fools fingerprint detectors about 80% of the time. The joy is, once you’ve fooled the machine, your fake fingerprint is made of the same stuff as fruit pastilles, so you can simply eat the evidence.

But what if you can’t get the finger? Well, you can chop one off, of course – another risk with biometrics. But there is an easier way. Find a fingerprint on glass. Sorry, I should have pointed out that every time you touch something, if your security systems rely on biometric ID, then you’re essentially leaving your pin number on a post-it note.

You can make a fingerprint image on glass more visible by painting over it with some cyanoacrylate adhesive. That’s a posh word for superglue. Photograph that with a digital camera. Improve the contrast in a picture editing program, and print the image on to a transparency sheet, then use that to etch the fingerprint on to a copper-plated printed circuit board (it sounds difficult, but you can buy a beginner’s etching set at Maplin for £10.67). This gives an image with some three-dimensional relief. You can now make your gelatin fingerpad using this as a mould.

Should I have told you all that, or am I very naughty? Yes to both.

It’s well known that security systems which rely on secret methods are less secure than open systems, because the greater the number of people who know about the system, the more people there are to spot holes in it, and it is important that there are no holes. If someone tells you their system is perfect and secret, that’s like quacks who tell you their machine cures cancer but they can’t tell you how: it’s nonsense. Open the box, quack.

In fact you might sense that the whole field of biometrics and ID is rather like medical quackery: as usual, on the one hand we have snake oil salesmen promising the earth, and on the other a bunch of humanities graduates who don’t understand technology, science or even human behaviour. Buying it. Bigging it up. Thinking it’s a magic wand.

But it’s not. The leak last week wasn’t because of unauthorised access, it couldn’t have been stopped with biometrics; it happened because of authorised access which was managed with a contemptible, cavalier incompetence. The damaging repercussions for 25 million people will not be ameliorated by biometrics. What about the stalker, or the estranged husband, buying the address of his target?

And will biometrics prevent ID theft? Well, it might make it more difficult for you to prove your innocence. And once your fingerprints are stolen, they are harder to replace than your pin number. But here’s the final nail in the coffin. Your fingerprint data will be stored in your passport or ID card as a series of numbers, called the “minutiae template”. In the new biometric passport with its wireless chip, remember, all your data can be read and decrypted with a device near you, but not touching you.

What good would the data be, if someone lifted it? It would be everything. Jim Knight MP, the Labour Minister for Schools and Learners, said in July: “it is not possible to recreate a fingerprint using the numbers that are stored. The algorithm generates a unique number, producing no information of any use to identity thieves.” Greg Mulholland MP replied: “I hope that that is clear to all those listening, because it is an important reassurance on the points that the hon. Gentleman has made.”Crystal clear Jim, Greg. Unfortunately, a team of mathematicians published a paper in April this year, showing that they could reconstruct a fingerprint from this data alone. In fact, they printed out the images they made, and then – crucially, completing the circle – used them to fool fingerprint readers.

Ah biometrics. Such a soothingly technical word. Repeat it to yourself.

References:

Here is the Matsumoto “Gummi” paper:

www.lfca.net/Fingerprint-System-Security-Issues.pdf

And here’s a great presentation featuring really nice photographs of the process:

web.mit.edu/6.857/OldStuff/Fall03/ref/gummy-slides.pdf

Here’s the paper on producing a fingerprint from the minutiae template:

biometrics.cse.msu.edu/Publications/SecureBiometrics/RossShahJain_FpImageFromMinutiae_PAMI07.pdf

Here’s a nice pic:

If anyone’s interest in this kind of thing is piqued, I recommend Ross Anderson’s book (although I disagree with him on issues around medical data for research):

www.cl.cam.ac.uk/~rja14/book.html

And Bruce Schneier’s security newsletter is excellent:

schneier.com/crypto-gram.html

And here’s a video of some chaps doing the biometrics tricks:

And this from the comments, which I should have mentioned: