[EAS]Privacy Struggles

pjk pjk at design.eng.yale.edu
Fri May 17 18:09:02 EDT 2002

Subject:   Privacy Struggles

(from NewsScan Daily, 17 May 2002)

Network vandals have stolen 13,000 credit reports in recent months
from  Experian, a national reporting agency. An Experian executive
said, "I've  never seen anything of this size. Privacy is the
hallmark of our business.  We're extraordinarily concerned about the
privacy issue here, and the trust  factor." The intruders used an
authorization code from Ford Credit to  obtain the reports, which
gave the intruders access to each victim's  personal and financial
information, including address, Social Security  number, bank and
credit card accounts and ratings of creditworthiness. Ford has sent
letters via certified mail to all 13,000 people, urging them to 
contact Experian and the two other major credit reporting companies,
Equifax and TransUnion, and to report any evidence of abuse to the
FBI.  (New York Times 17 May 2002)

A Japanese engineering professor has managed to trick biometric
security  systems using artificial fingers made with gelatin. In
addition to creating  a fingerprint by pushing a finger into a
malleable plastic mixed with  gelatin, the researchers were able to
create credible fingers using  fingerprints lifted from a glass.
First, the latent print was hardened,  using glue that sticks to the
ridges of the fingerprint. The hardened print  was then
photographed, using a digital camera, and enhanced using Adobe 
Photoshop software to create heightened contrast between the ridges
and  gaps. The image was then transferred to a photosensitive sheet,
etched into  copper and used to create another mold. Both methods
resulted in a fake  finger that was able to fool a variety of
biometric readers 80% of the  time. Security experts say the
experiments cast serious doubt on any claims  that this type of
biometric system can be made fully secure. (BBC News 17  May 2002)

(and from INNOVATION, 1 May 2002)

One new area of research in identification technologies involves 
"gait-recognition." Funded by the U.S. Defense Advanced Research
Projects  Agency (DARPA), a handful of universities are developing
ways to identify  people through their body language. One approach
underway at Carnegie  Mellon's Robotics Institute involves creating
a "movement signature" for  each person. Subjects are filmed walking
and running on a treadmill, and  then software tools are used to
remove all background footage, creating  silhouettes of each person
which are then stored as digital images. The  same people are filmed
again in an entirely different context, and the  computer is
instructed to identify each individual based on the stored  images.
"The system generalizes well across all the different gaits," says 
research scientist Robert Collins. "So far we're getting a 90 to 95
percent  correct match." Meanwhile, a team at Georgia Tech is using
a method called  structural analysis to measure properties like a
person's stride length and  leg spread, and a team at MIT's
Artificial Intelligence Lab is using  software designed to re-render
an image of a person walking at new angles.  "It explicitly
re-visualizes the image as if it was a straight line, and  then runs
the old algorithm," says team leader Trevor Darrell. The system  is
running at "roughly 95 percent accuracy," says Darrell. (Technology 
Review 23 Apr 2002)

Remember those movies where a dam starts leaking, the cracks get
bigger, and pretty soon there is a major gusher? That's the feeling
I get here. Security is always just as much a people issue as a
technology issue, and is full of leaks.

And as regards yet another means of identification, via
"slouch-prints"? Come on, don't they have anything better to do?
Research these days is increasingly a pure marketing process--if you
have the name, and the funding, it _is_ respectable. Period. Dark
days ahead in academia. They could use a little "innoveillance." 
(With luck someone interested in gait and its relation to lower-back
problems will get involved. That could be useful.)  --PJK

More information about the EAS-INFO mailing list