A new law that went into effect today. A DNA sample buffet of anyone charged with a felony in Florida.

From The News Herald:

The new law, which went into effect today, will require anyone arrested on a felony charge submit a DNA sample to be added to a state database. Previously, DNA samples were taken only from those convicted of felonies.

“This is common sense and the right thing to do,” said Crist, flanked by uniformed state troopers at the June 17 bill signing.

Under the new law, however, thousands of people who are arrested on felony charges but later have those charges dropped or reduced could have their DNA swept into the statewide offender database.

So, is this to say that folks that are innocent can find their DNA in this database as well? Seems a touch sketchy on the surface. Of the people charged with a felony in 2008, 26 percent had their charges reduced, dismissed or were found innocent.

Can the innocent have a say?

“People can get their DNA purged from it if they have their charges dropped or are found innocent, stuff like that,” said Rep. Marti Coley, R – Marianna.

Strickland said the removal process is flawed.

“The process does not occur automatically,” she said. “We advocated for an automatic expungement program, and it failed.”

This has all the hallmarks of an absolutely horrid piece of…legislation.

Article Link

From the Associated Press:

More than a quarter million people are wondering what will happen to their fingerprints, Social Security numbers, home addresses and other personal information now that a company that sped them through airport security is out of business.

Government officials are wondering too.

Well, wonder no more…for the moment at least. Today we had one of our readership who as good enough to share a copy of the Dear John letters that Clear Members around the US are receiving on the heels of the programs demise (Thx rybolov).

Flyclear.com have taken down the website and replaced the main page with the following email text.

From: “Clear Customer Service”
Date: [REDACTED]
To: [REDACTED]
Subject: Clear Member Update

Clear Member Update

Dear [REDACTED],

In response to questions raised by our members, Clear would like to offer the following information:

Clear Lanes Are No Longer Available.

At 11:00 p.m. PST on June 22, 2009, Clear ceased operations. Clear’s parent company, Verified Identity Pass, Inc., was unable to negotiate an agreement with its senior creditor to continue operations. Verified Identity Pass regrets that Clear will not be able to continue operations.

How is Clear securing personal information?

Clear stands by our commitment to protect our customer’s personally identifiable information – including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information provided to us – and to keep the privacy promises that we have made. Information is secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards.

How is Clear securing any information at the airports?

Each hard disk at the airport, including the enrollment and verification kiosks, has now been wiped clean of all data and software. The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure. This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis.

How is Clear securing any information in central databases and corporate systems?

Lockheed Martin is the lead systems integrator for Clear, and is currently working with Verified Identity Pass, Inc. to ensure an orderly shutdown as the program closes. As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals’ personal information provided for the Clear Registered Traveler program. Lockheed’s work will also remain consistent with the Transportation Security Administration’s federal requirements and the enhanced security and privacy requirements of Verified Identity Pass, Inc.

The computers that Verified Identity Pass, Inc. assigned to its former corporate employees are being wiped using the same process described for computers at the airports.

Will personally identifiable information be sold?

The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider. Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration’s privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted.

How will members be notified when information is deleted?

Clear intends to notify members in a final email message when the information is deleted.

Who is monitoring this process?

Clear is communicating with TSA, airport and airline sponsors, and subcontractors, to ensure that the security of the information and systems is maintained throughout the closure process. Clear thanks these partners for their continuing cooperation and diligence.

How can I contact Clear?

Please visit our website, www.flyclear.com, for the latest updates. Clear’s call center and customer support email service are no longer available.

Will I receive a refund for membership in Clear?

At the present time, Verified Identity Pass, Inc. cannot issue refunds due to the company’s financial condition.

Has Verified Identity Pass, Inc. filed for bankruptcy?

At the present time, Verified Identity Pass has not commenced any proceedings under the United States Bankruptcy Code.

Clear Customer Service

Clear, 600 Third Avenue 10th Floor, New York, NY 10016
www.flyclear.com

Three times overwrite to destroy the hard drive data. OK, but, by what method? NIST 800-88 (.pdf) lays out some criteria but, it’s unclear if they followed that guidance or something similar. The Canadian Communications Security Establishment offers this guidance for clearing and declassifying data storage devices.

Myrcurial had this to add,

It depends on the technology and the over-write method — ie: all ones, random, and whether or not the controller (assuming it’s magnetic disk and not tape/optical/etc.) is giving you a true 1:1 representation of all sectors. 3x with the wrong method on a modern IDE disk doesn’t mean the same as one time with the right method on an MFM/RLL disk

Why not just pitch the drives in a grinder? Also, I have little doubt that there were laptops floating about. Have they all been accounted for? Thumb drives?

Oh, and they’re not filing for bankruptcy. But, they’re keeping your money. WTF?

For more on this story check out the following article.

Article Link

Interpol will be proposing the roll out a facial recognition database.

From The Register:

Interpol chiefs will propose the use of automated facial-recognition technology at borders to flag up internationally wanted suspects, according to reports.

The UK already has airport gates equipped with such technology, intended to remove the need for a human border guard to check that a passenger’s face matches the one recorded in his or her passport. According to the Guardian, Interpol database chief Mark Branchflower believes that his organisation should set up a database of facial-recognition records to operate alongside its existing photo, fingerprint and DNA files.

Interpol member nations would have the option of uploading face records of wanted suspects in the same way they already do other biometrics data, and would be able to check an individual’s headshot against the Interpol files as with the other metrics.

I’m wondering about the veracity of a program such as this. Time and again we have seen roll outs similar to this that have consistently failed. Will this be different? This will be one to watch.

Nothing like a few good ole mugshots to amuse in the interim.

Read more

One thing that has been starting to get more press are medical implants that are wireless. Researchers in China have devised a way to encrypt signals in these biometric devices using the patients heartbeat.

From Heise:

But the opportunities also increase the risks. Wireless implants are vulnerable to malicious attacks, which can be fatal. Experts say that signals must be securely encrypted. Now, researchers from the Chinese University of Hong Kong have presented their solution based on biometric features. The patient’s individual heartbeat, which can easily be measured from the person’s pulse, is used as the key for encryption. In their tests, 64-bit encryption works quite well, with the recognition ratio being nearly as accurate as with conventional fingerprint recognition systems. In the journal IEEE Transactions on Information Technology in Biomedicine, the researchers argue that heartbeat encryption is even safer because the constantly changing heartbeat cannot be mimicked by a recorded copy.

An interesting thought. But, could this also provide the key to break the crypto? Using a high powered parabolic microphone one could feasibly record the heartbeat of a target while they’re sitting at a sidewalk cafe.

Now imagine that the biometric device that you are looking to control is a heart monitor or insulin dispenser. This could potentially have horrific consequences. Sure the researchers say that it would be “impossible for attackers to use recorded data as a key at a later date”. Never say never. Of course this falls into the FUD category but, makes for an interesting movie plot line.

Article Link

Love the Gummi Bears. But, in this case it was a little more sophisticated.

From Wired:

To demonstrate why using fingerprints to secure passports is a bad idea, the German hacker group Chaos Computer Club has published what it says is the fingerprint of Wolfgang Schauble, Germany’s interior minister.

According to CCC, the print of Schauble’s index finger was lifted from a water glass that he used during a panel discussion that he participated in last year at a German university. CCC published the print on a piece of plastic inside 4,000 copies of its magazine Die Datenschleuder that readers can use to impersonate the minister to biometric readers.

Several years ago the CCC published a guide to lifting and reproducing fingerprints.

Schauble is a big proponent of the use of fingerprints in passports but is not the CCC’s only target. The group has called for help in obtaining the prints of other German officials, including Chancellor Angela Merkel.

Read on.

Article Link

The DHS now wants all 10 digits for foreign arrivals. Two fingerprints are apparently not sufficient anymore. Not too long until the probings begin I guess.

From the NY Times:

“This felt like, What else do you want from me?” Mr. Docx continued. “Pretty soon it’ll be a full naked body scan, with my irises and my DNA profile. It makes the honest visitor to America, of which 99.9999 percent coming through here are, feel unwelcome so you guys can catch the 0.0001 percent of people who are a problem.”

Mr. Docx and Mr. Hughes were among the first foreign travelers to undergo the Department of Homeland Security’s new 10-finger screening process, unveiled for the news media on Tuesday.

The system is being tested at nine other major airports in the United States and has been under some form of testing since 2004. It will be reviewed for final approval in December.

The previous Homeland Security system involved the recording of only the left and right index fingers.

If the new system passes muster, it will eventually be introduced almost everywhere there is a Customs officer — some 311 land, air and sea entry points, including those along the Mexico and Canada borders where visitors enter on foot or by automobile.

Officials said that the system would apply to the 80 percent of foreign nationals who are required to carry visas and are between the ages of 14 and 79. Diplomats and a few others are exempt.

I’m all for catching the bad guys. But I have to wonder, at what cost?

Article Link

The plan to roll out a national ID card for Brits has found itself moved off onto the back burner. The plan which was originally set to roll out in 2010 will now find daylight in 2012 instead according to leaked documents.

From BBC:

The Tories say the ID card scheme is “in the intensive care ward” but the government said the plan had always been to introduce them “incrementally”.

The timetable for ID cards to start being given to UK citizens over 16 has already slipped and the first ones are not expected to start being issued until next year.

From January 2010 everyone getting a passport will have to get an identity card as well, according to existing plans.

The entire idea behind this plan was to curb illegal immigration. But, that will be of little help as it will only be a short amount of time before the crads can be duped.

Home Office documents leaked to the Conservatives set out an illustrated timeline for introducing biometric ID cards.

Biometric ID…hmmm. I know I have seen this movie somewhere before.

Article Link

Tags: British National ID, Biometrics, Biometric Cards, ID Cards

From New Scientist:

Not content with running your computer, Microsoft now wants to read your mind too.

The company says that it is hard to properly evaluate the way people interact with computers since questioning them at the time is distracting and asking questions later may not produce reliable answers. “Human beings are often poor reporters of their own actions,” the company says.

Instead, Microsoft wants to read the data straight from the user’s brain as he or she works away. They plan to do this using electroencephalograms (EEGs) to record electrical signals within the brain.

The actual patent is here.

Article Link

Tags: Microsoft Mind Reading, Microsoft EEG Patent, Microsoft Patents

Biometrics have found their way into Gatwick airport. They have rolled out a pilot program to check fingerprints for arrivals from Sierra Leone.

The BioDev pilot has been running in the airport’s North Terminal since 18 September and is due to end in April next year.

At present only arrivals from Sierra Leone who have been issued with biometric visas in the capital Freetown will be included in the trial.

A Home Office spokeswoman explained that Sierra Leone was chosen because the main flight into Gatwick from the country arrives at a quiet time with a low number of passengers. This makes it logistically easier for immigration staff to trial the tech. In addition, citizens of Sierra Leone require visas to enter the UK.

On arrival, passengers will have their fingerprints and photos checked against a database by immigration officials, and those attempting illegal entry into the UK will be refused entry.

Article Link

Tags: Biometrics, Gatwick Biometrics, Physical Security