Why Making A Peace Sign In Public Is Now A Security Risk
from the and-not-just-for-political-reasons dept
The British have a number of traditions. Some, such as drinking tea, are famous around the world. Less well-known is a habit of revealing highly-confidential information by carrying pieces of paper in public that photographers using long-focus lenses are able to snap and then magnify to read. The Guardian wrote an entire article on the subject, detailing how numerous embarrassing leaks occurred in the UK because people forgot to put the documents they were holding in some kind of opaque folder. On one occasion, an anti-terror operation had to be brought forward when Britain's most senior counterterrorism officer walked around with top secret documents on display -- a blunder that cost him his job.
This mistake is so common that there are notices by the door of the UK Prime Minister's residence at Number 10 Downing Street reminding people not to walk out with confidential material that is exposed. The fact that there is a photographer with a long-focus lens who hangs around outside No 10 in the hope that they do precisely that shows how often they ignore this warning.
Although the Brits have practically turned this activity into another weird sport alongside cricket, it's not unknown in the US. For example, the following happened at the end of November last year:
Potential Donald Trump cabinet pick Kris Kobach accidentally leaked Department of Homeland Security plans when posing for a press photograph with the president-elect. Using photo editing tools, a zoomed-in view on the documents being carried by Kansas Secretary of State Kris Kobach reveals a plan to put Trump’s hard-line immigration platform into practice.
Aside from the carelessness of the people involved, the problem has arisen because long-focus lenses are now so powerful and commonly-deployed that it is relatively easy to capture a high-quality image of an exposed document so that its contents can be read. That's a problem that will only get worse as camera technology advances, especially combined with digital enhancement techniques. If this story on the BBC's website is to be believed, it's not just documents that are now at risk as a result:
A Japanese researcher says doing the peace sign in a photo could lead to your fingerprints being stolen.
They might be easy to recreate if your digits are "in focus with strong lighting".
That claim is from Isao Echizen, from the National Institute of Informatics (NIII), who says prints could then be made "widely available".
That's clearly a big problem at a time when fingerprints are increasingly being used to unlock digital devices, and to provide access to sensitive data. The British experience shows it's hard enough to shield confidential papers; keeping fingerprints out of high-resolution photos seems like an impossible task.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: fingerprints, photographs, privacy
Reader Comments
The First Word
“Biometrics
Biometrics are usernames, not passwords.Subscribe: RSS
View by: Time | Thread
Biometrics
[ link to this | view in chronology ]
Re: Biometrics
[ link to this | view in chronology ]
Re: Biometrics
[ link to this | view in chronology ]
Re: Re: Biometrics
[ link to this | view in chronology ]
Re: Re: Re: Biometrics
Did you read nothing above? Or do you have an investment in a biometrics company?
[ link to this | view in chronology ]
Re: Re: Re: Re: Biometrics
They are not perfect. In fact, it's common for them to even change over time.
Even if you did have a perfect capture of whatever biometric you're using, which actually rarely happens, the idea that they are unique has never been tested or proven true. It's just always been assumed, and security is not a place we should be assuming anything.
They are ridiculously easy to replicate. I can most likely replicate at least one of your fingerprints just testing your outside doors and car doors.
[ link to this | view in chronology ]
Re: Re: Re: Re: Biometrics
[ link to this | view in chronology ]
Re: Biometrics are usernames, not passwords.
Unfortunately, no. Usernames are not confidential information, so there is no point in using biometrics for them.
A username is who you claim to be. But anybody can make that claim. You then have to accompany that claim with some kind of authentication protocol, to prove your claim. Which is where authentication comes in.
As Bruce Schneier has pointed out, there are three categories of ways to provide such authentication factors:
What’s called “two-factor” authentication means using factors from two different categories.
[ link to this | view in chronology ]
Re: Re: Biometrics are usernames, not passwords.
http://arstechnica.com/tech-policy/2017/01/court-rules-against-man-who-was-forced-to-fingerprint- unlock-his-phone/
[ link to this | view in chronology ]
Re: Re: Biometrics are usernames, not passwords.
A username is meant to identify a user. That's exactly what biometrics are meant to do. Believing that a biometric is confidential is just inviting yourself to get hacked.
The problem I have with the push for biometrics today is that too much of the information people are basing their opinions on is assumption, not proven fact. The biggest two being that biometrics are unique to a single person (never proven true), and that they cannot be easily copied (proven false).
[ link to this | view in chronology ]
Re: Re: Biometrics are usernames, not passwords.
Remotely, all authentication factors are just information. Something you know.
[ link to this | view in chronology ]
Time to stop using fingerprints for authentication, then
If fingerprints can be read at a distance, they're no longer useful for authentication.
So, stop using them. We have plenty of better options anyway.
[ link to this | view in chronology ]
Re: Time to stop using fingerprints for authentication, then
BTW, people's lips match their nipple color. Good luck trying to look anyone in the face for the rest of today.
Ask me about two-factor authentication!
[ link to this | view in chronology ]
Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Re: Time to stop using fingerprints for authentication, then
A couple years ago I was ordered to make the UI for our new online shopping cart as intuitive as possible. Quick research revealed that "the only truly intuitive user interface is the nipple."
I'm no longer allowed to discuss innovative nipple-based technology.
[ link to this | view in chronology ]
Re: Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Sorry, but using both nipples is not "two-factor authentication".
Ouch...
[ link to this | view in chronology ]
Re: Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Re: Time to stop using fingerprints for authentication, then
Well, not unless they also apply it to their nipples as well!
[ link to this | view in chronology ]
Re: Time to stop using fingerprints for authentication, then
Such as?
[ link to this | view in chronology ]
Re: Re: Time to stop using fingerprints for authentication, then
If for no other reason the fact that I can change a password when it gets compromised or whenever I choose makes them better. Good luck finding a new biometric after someone gets all your fingerprints.
[ link to this | view in chronology ]
Re: Re: Re: Time to stop using fingerprints for authentication, then
[ link to this | view in chronology ]
Re: Re: Re: Time to stop using fingerprints for authentication, then
I had a shop accident a few years ago and one of my fingerprints has been permanently changed so, it does happen. Fortunately, I had more than one finger recorded for my laptop's fingerprint reader (and I still knew my password even if I lost all 10).
[ link to this | view in chronology ]
Other ways
[ link to this | view in chronology ]
Re: Other ways
Years ago German Interior Minister Wolfgang Schauble was pushing for biometric identity cards. So Chaos Computer Club hackers lifted his fingerprints off a glass and published 10,000 copies of them on acetate (suitable for leaving fingerprints) as a magazine insert.
Then in 2014 they obtained the fingerprints of German defence minister Ursula von der Leyen, this time from photographs including one gleaned from a press release issued by her own office.
[ link to this | view in chronology ]
Re: Re: Other ways
[ link to this | view in chronology ]
Re: Re: Re: Other ways
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
White Gloves
Just like Charlie Chaplain!
[ link to this | view in chronology ]
Re: White Gloves
[ link to this | view in chronology ]
Re: White Gloves
[ link to this | view in chronology ]
They held it up against passwords, pass phrases, fingerprint and iris scans. Incredibly enough they found that Windows hello was the hardest to fool when they couldn't even use an identical twin to access someones computer.
It does have its troubles though... gain or loose weight, grow a beard, get a too obvious piercing, or get an injury and you would be locked out. This leads back to a secondary method of gaining access which is then dependent on one of the less safe methods.
It does provide a somewhat good security though, as faces are hard to copy when a cutout won't work. Iris and fingerprints are just too simple to be effective.
[ link to this | view in chronology ]
Re:
Link?
[ link to this | view in chronology ]
Re: facial recognition is actually the safest
You just have to look around this site for a minute or two to find plenty of evidence to the contrary.
[ link to this | view in chronology ]
Re:
What about a professionally made latex cast of a face? the sort special effects artists or wax museums make?
[ link to this | view in chronology ]
Re: Re: diversion
P.S. When i was giving pre-induction physicals for the Armed Forces Entrance & Examination Station, three or more nipples was seen almost every day...And, we resold your piss test for $75 a barrel..
[ link to this | view in chronology ]
Re: Re:
Or even just a photo.
[ link to this | view in chronology ]
Re: Re: Re:
Even Windows Hello requires cameras that also see in IR so that fake faces (non-living ones) don't work and that's in consumer level equipment now. Anything that really needs to be secured should be using even better equipment than that.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
I am appalled, Glyn Moody
I am appalled at your disgusting attitude shown in
Cricket is the sublime, superior sport played all over the world. In backyards, on ovals, at the beach, nothing could be finer and more civilised than playing a game of cricket.
To denigrate this game in the way that you have, has completely diminished anything that your article might have provided.
You need to change your attitude to this most wonderful of sports.
[ link to this | view in chronology ]
Re: I am appalled, Glyn Moody
[ link to this | view in chronology ]
Re: Re: I am appalled, Glyn Moody
[ link to this | view in chronology ]
Its not just because of the long lens
[ link to this | view in chronology ]
...And immediately turned on the pattern lock. I can change the pattern, or a PIN. I can't change my fingerprints.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Jurisdiction dependent. Some countries have legislation that can be used to compel providing passwords/cryptographic keys.
[ link to this | view in chronology ]
Upcoming government solution
Surprised no one in here thought of this. You can bet it's occurred to government bozos.
[ link to this | view in chronology ]
Re: Upcoming government solution
and a Canon Cine-35 45-200mm 1:2.8 zoom, six pounds and $20k from 1980.
Way to late.
[ link to this | view in chronology ]
Take me wife. please
The established paranoids cannot abide such choices and personal responsibility.
So be it. Paranoids can choose to be crazy, as a personal life style. just do not include your unwilling neighbors.
[ link to this | view in chronology ]
Re: Take me wife. please
[ link to this | view in chronology ]
Nothing New
Similarly, about 20 years ago the Canadian government had to quickly rewrite parts of their budget; (budgets in Parliament are secret until the details are announced) the finance minister in a photo op the day before the release was flipping through the secret budget bill and someone realized that freeze-framing the video allowed them to read details of some new tax measures.
One of the early programs, even before iPhones, allowed a flip-phone user to video a page and feed it into a compute program to create a full-page higher resolution picture; something especially useful in Japan with pictographic printing. People would video the article they were reading at a magazine stand.
[ link to this | view in chronology ]
[ link to this | view in chronology ]