Is Elvis Dead? Who Knows, But His Passport Made It Through Airport Security In Amsterdam
from the biometrics? dept
There's been a big push lately to use "biometrics" at airports -- especially in light of the well publicized attack attempt last Christmas. But biometrics -- especially chips in passports -- can easily be fooled, and can create a false sense of security. JJ sent over the news of two hackers who were able to get past the security check-in with a passport claiming to be Elvis Presley -- they even included an Elvis photo. Now, there certainly are some limitations with what they did, and even they admit that this sort of hacking wouldn't work in a lot of cases. However, just the fact that they were able to get past the machine with a faked biometric Elvis chip suggests that the whole focus on biometrics is a bit of a red herring, as the data can be faked.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: airport security, elvis, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
Unh huh huh!
[ link to this | view in chronology ]
Re: Unh huh huh!
"Bing Bong...Elvis has left the building...!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
" it's just lucky that they did it before any of the slightly intelligent criminals got around to it"
I wouldn't be too sure about that. By the time "good" people think about it criminals have already been doing it for years
[ link to this | view in chronology ]
Re:
" it's just lucky that they did it before any of the slightly intelligent criminals got around to it"
I wouldn't be too sure about that. By the time "good" people think about it criminals have already been doing it for years
[ link to this | view in chronology ]
Re:
The problem isn't the technology, but peoples' dependence on it. Liberties are being violated in the name of security, and the monkeys they have staffing the machines seem to lack the capability to critically examine the information they are being given. Far too many legitimate travellers have problems "because the machine says so", while those passed are often not examined with human eyes.
There's also the fact that such "security" is really just theatre and totally reactive. Somebody tries a shoe bomb, but is caught by existing methods - make everybody take their shoes off. Somebody tries a liquid based bomb that fails miserably - nobody can take a bottle of water on the plane. It's silly, and does nothing to improve security, regardless of the quality of the technology.
[ link to this | view in chronology ]
Shoe bomber was not caught
As I recall, Richard Reid was not "caught by existing methods" but was in the process of (stupidly) igniting his bomb in the cabin rather than the toilet when he was apprehended.
So he was in fact not "caught" at all, in the "keeping everyone safe" meaning of the word.
Relying on all bombers being idiots was never going to be a good long term policy. Not after the level of planning shown on 9/11.
They need to get some creatives together to brainstorm attack methods, THEN see if their systems would withstand such attack attempts. I predicted 2 component liquid bombs would come soon after 9/11 but I'm not someone they are likely to listen to and anyway who am I supposed to tell ?
For example, how big a swallowed detonator is required to ignite the stomach of a suicide bomber who has been swallowing many small pouches of semtex ?
Our security services simply have no imagination, that's the problem.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
False Sense of Security
So, of what benefit is this additional (so called) security?
[ link to this | view in chronology ]
All you know is..
When an immigration official checks a photo ID then he can be pretty sure that the photograph is of the person in front of him. He can also use his own judgement that the document is genuine. Neither process is perfect of course - but at least the person involved understands what is going on.
When an official checks a biometric passport a little green light (or some such) will light up to tell him its OK - but all he really knows it that the little light lit up.
It turns him into a cypher and probably results in a lower standard of personnel in the job.
It increases the hassle on false positives - because he will not feel that he has any discretion.
It guarantees that anyone who defeats the technology will get through - because he is no longer bothering with any other signs.
And of course someone WILL defeat the technology - because its such a big target that it will attract all the best hackers worldwide (eg MOSSAD).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
no no no
[ link to this | view in chronology ]
Re: no no no
[ link to this | view in chronology ]
Re: no no no
[ link to this | view in chronology ]
I propose a system that involves the passengers. For instance, our method of handling emergencies often involves citizens. It would be impractical for the police to monitor everything that goes on all at once and respond to emergencies accordingly. As a result we implement a system called 911. As children, in grade school, we are taught when to call 911 and when not to and when we see an emergency we call 911 directing the focus of authorities where it needs to be directed the most. The same thing can be done here. You enter an airplane and they normally have a big screen T.V. that either shows movies or a map or whatever. Well, after everyone enters an airplane and is seated they can have a five minute clip that shows/tells everyone what to look out for and when to alert authorities about suspicious behavior and when not to (ie: to avoid false positives as much as possible). Then, they can have a keypad or something that people can press a couple numbers in next to each seat to alert authorities of suspicious behavior to allow authorities to respond appropriately. After all, the passengers are in the airplane anyways, they do have an interest in ensuring safety, why not have them be the lookouts for suspicious behavior instead of just being idle.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Also, this is why teams of software engineers can spend many man hours and millions of dollars trying to secure a piece of software only to have some 13 year old kid crack it in very little time at very little cost. There are many more possible functional and insecure combinations of software than there are possible functional and secure combinations of software and so finding a functional and secure combination of software can be expensive.
[ link to this | view in chronology ]
Re:
We need to implement a passenger aided security system, one that involves the passengers and their ability to look out for suspicious behavior and educate passenger about what to look out for and what to report and what not to worry about.
[ link to this | view in chronology ]
Airplane Security
If a plane is less useful as a hijacking target, there will be less hijackings.
[ link to this | view in chronology ]
They are useful in cases where you have a database of biometric data, and a person you want to mach to the database. So you have a person claiming that they are someone say John, you read the iris or finger print from the person making the claim and see if it matches John's entry in the database. (This has problems in that matching biometric data is not entirely reliable and to be really sure you need to get an export to verify the match, and even then it's "These could be from the same person")
The problem with biometric passports is that you are getting the data you are checking against from the same person you are trying to identify... This doesn't work.
[ link to this | view in chronology ]