News item from Despatch Magazine Email Desk...
We have used Nef's exposes in a previous magazine re Missions and it
has been very sound...
we will include in separate emails some other reports related matters
from "Redy4battl" also a very reliable source.
(These were not included in the magazine but will be added here Online.)
...
digital fingerprinting.....smart
pen, biometrics
It's Nef - "spouting" again...please bear with me as I tell it... I sincerely don't know where to begin again, so will just give a narrative of what transpired here today.
I have been working in So. CA for the past two months, doing taxes and racing to meet the April 15th deadline that tax-work necessarily requires....I know I always seem to be struggling with being "too busy", but honestly, my life is just sort of "dedicated" to the fast lane... So, given that mindset, I was just steeped in my usual goal-oriented day, minding my own business, which BTW, was to configure a new computer here in So. Cal ....so my husband had flown down for the weekend to help with the conversion and he had run out to the store to pick up an extra "Syquest" 230mb backup cartridge, and I was pre-occupied with my day.... Thumbprints He came back, started into an install program for an "Adaptec" scsi board, and quietly notes in a tone I don't often hear from him (he is virtually unflappable as a personality style)...anyway he says too quietly, "I had a bad experience today at CompUSA..." The tone of his voice was all I needed...I got unusually quiet too, to meet his tone, and asked, "Oh?".....he continues, "They wanted my thumbprint to use my credit card..." My tone begins to ascend the scale, "What?" I ask, repeating it for no good reason, "What did you say?" "It's their "policy"", he informs me, "to obtain a thumbprint if you want to use a credit card or write a check..." I say an octave above where I started, "You're kidding of course?" (We had been in that store yesterday to make another purchase, and it was apparently NOT their policy then)
NOTE: no good reason to tell you this but as an aside, we have purchased nearly $5,000 in miscellaneous computer merchandise in this local area this past two months or so.....and a lot of it in this store...so we are familiar with their "policies" (we think)....anyway to continue my tale, "Honey" he continues, "I would not kid you about this, they would not take my credit card without my thumbprint..."
I am incredulous at this point, and begin to think on what he is saying to me...we discuss it for an hour or so (this is putting it mildly) .....sometime during this time I called the credit card companies: Mastercard and Visa
I spoke to the usual customer relations people that you would report any complaint to...they each assure me this is NOT, I repeat NOT a Mastercard or VISA directive, this is something that the local vendor (COMPUSA is a HUGE local vendor) has instituted on their own, and that they are acting independently of Mastercard and Visa to require the thumbprint...I ask for the Images numbers to Mastercard and Visa companies so that I might confirm that.....and am given them....
The support personnel at both Images companies both assure me that they are NOT requiring a secondary identifcation to the signature on the back of the card and in fact that the vendor is in breach of their policy which clearly states that unless there is a local law requiring the second ID (they cant superceed law with their policies - understandably)...the vendor is out of line and CAN NOT require it. The person I spoke to at Mastercard assures me I will receive a copy of the complaint which has been filed, in a week or so, and that they will be following up on it immediately.
Armed thus, I go back to CompUSA (located on Central Avenue in the town of Montclair CA) and select a 50-pack of disks to purchase.I approach the checkout stand in time to see two others in front of me stick out thei thumbs, when asked, and without so much as a whimper, submit themselves to the thumbprinting, which they are told is to "protect" them. Their thumbprint is placed on the sales slip right next to their signature, which they have also given....They are told the ink will disappear in a few minutes and they don't even have to wipe it off. They are given a copy of a "notice" about what they are informed is "the new policy". Neither of them even appeared to notice the procedure, much less to resist it or complain...they literally barely took note...I was stunned.
I let the cashier ring up my purchase and handed her my Mastercard...she informs me that they have a new policy that requires thumbprint ID to use a credit card or to write a check, and attempts to give me the notice. I say that I do not "care to participate". She doesn't seem to understand what I said, and I repeat it. She apologizes and says it is "required"....I ask to see a manager...she calls her. I speak with her a few moments, and she reiterates that it is their "policy" and that I must give my thumbprint to use my credit card there. I inform her that I have spoken to Mastercard and that they do not require that information and in fact that CompUSA is in breach of their agreement to display and utilize the Mastercard logo if the ask for additional ID than the signature on the back of the card. The supervisor very quietly says to the cashier, "go ahead and take it", the cashier says, "what?", the supervisor says, "take her signature", the cashier says, "on what?". I interject "I will sign the saleslip, that is all that Mastercard requires..."
I am allowed to complete my purchase and to leave the store having signed only the usual sales ticket.
I wish the story ended there, but on my way out the door, the security guard (who had immediately come to the side of the cashier during our quiet transaction and reImagesed there until the manager resolved it in my favour) began to tell me how it was all being done for my "protection" ....after some "give and take" another manager came to get involved and they both just exasperated me by saying - seriously - this is what they were BOTH saying, "We are just doing what we are told"....and, "...this is the policy, we are just taking orders...", "We don't make the decisions, we are just doing what we are told..." Like Germany - 1930s,1940s I looked them both in the face and said that was exactly what the German's said in the 1930's and 40's". The Aryan (co-incidental I'm sure, blond scandanavian descent appearing) security guard at the door begins to escalate in his response, "You can hardly compare what we are doing here today to the horrible acts that were committed in the holocaust",
I'm sorry, but I could not resist, I turned to him, looked him straight in the eye and said, "Yes, I can..."
A few other "gives and takes", and frankly, I could not bear it all anymore, and left feeling completely laughable ....noting that several had gathered around (CompUSA employees - apparently to see the "freak")
Feeling not-too-high-tech anymore, I leave, the object of derision feeling rather "bruised" the rest of this day....round one is over...don't know that I will "answer the bell" for round two. After all, you have to "choose your battles", and I can still get cash from the bank and make my purchases that way, as long as I don't withdraw too much (over 1000 dollars) and have to sign one of those other forms I have been avoiding (you know, the ones the IRS requires if you take too much- as far as they are concerned -cash, - money from your OWN ACCOUNT ), but that's another story, and another scene on another day. _____________________________________
You might ask why I should "balk" at the thumbprint as an ID.
1. there are ways digitally to use that thumbprint in a computer to validate other receipts for purchase that I did not make, obstensively to "protect" me from credit card abuse, this system would place my unique "identifier" in a databank which any decent hacker or computer literate employee of CompUSA or any other store could use to their own end.
2. According to Murphy's law, this digitized "thumbprint" most probably WILL be used at the worst time in the worst possible way....i.e. by a criminal...perhaps even at the sight of a crime, where, thanks to the CNC (cad) programming capabilities of today's manufacturing computers, my thumbprint will have been processed into a rubber-stamp (overnight express mailed for $35) which has been used at the sight of the crime to leave "proof" of my having been there....
Actually the scenarios grow worse after more contemplation.... think about how much of the police state mentality we have already been co-erced into adapting....like when you enter a Costco store or a Fedmart, or other warehouse-type discount store, and you show your ID to enter the store, you show your ID at the cash register, and you show it again at the door.....just to make a purchase at a store...will I be required soon to be fingerprinted? When did America become such a "police state" at the door? And for this scrutiny we comfort ourselves with a "discounted" price.
We have adjusted beautifully to this mindset...and now because of "terrorism" we happily turn over our belongings at the airport to an unsmiling guard who searches us, and our bags at will...and we THANK them for it.....and feel safer for the invasion of our privacy.
Those guard-posts in the far corners of mall parking lots still are disconcerting to me....but you know the media "truth", there are "drive-bys" and "gang-violence" to rationalize away the distinctly "prison" motiff....guard towers! In America! Aghhhh!
Just think, all it takes is a plane or two a year horrendously blown up mid-air, and the entire population happily submits to what would have been considered illegal search and seizure just ten short years ago.
One federal building bombing, and we petition our legislators to take away our rights. No war was ever won with fewer fatalities.....this media-fueled propaganda campaign has effectively herded the sheep of this nation into the pen of totalitarian control with only a few dissenting voices. The surveillance hardware has been moved into place (seen any police satellite towers in your town lately?), the swat teams are fully trained, the freeway chase scenes are common, the commando tactics of neighborhood guerilla warfare are daily - I repeat - daily news....and we are mentally prepared by the "senseless, "random" quality of the violence, to expect and prepare for tanks and machine guns to begin a seige next door if the day happens to bring it... The voices of resistance have been few- all of course that we are allowed to hear about are the"radical fundamentalist militia members" who resorted to crime to defend their "right-wing" positions....
Nowadays, and I haven't missed this, the armed (or not armed) guard stands at the door of most high-tech stores, and search your packages upon exit...usually in plain view of the checkstand where you openly and obviously have just purchased a 2,000 dollar computer.....the grinning salespersonnel are still beside you (having become your closest friend in the hour preceeding the purchase)...yet, you still submit your sales slip at the door and pray the alarm won't turn every head in your direction as you pass through the barred gateway that surrounds the entrance....
Speaking of which, the new post office in a town near my home has those ugly gates at the entrance, ever reminding us the "terrorist mindset" is at large - from without as well as within. It is a well-known fact that our trusted civil servants at the postal service are statistically more prone to mass murder in the workplace.
Anyway, I am afraid the American public is being duped, the terrorist mindset has seized the government, and we, like sheep are being led to the slaughter.....
In conclusion, we won a minor battle at a check-out stand today, but my heart tells me that in a war-room far removed from the scene .... the outcome has already been decided. Thumbprints it will be, and a whole lot more before we are done with the movement that is implementing this plan for our future.
Thanks for listening again to my "spout" Nef
For your Information and files, here follows the notice that was handed
each person at the CompUSA cash register here today:
___________________________________
CompUSA's "Thumbs Up" Program
___________________________________________
Why do we require a thumbprint
when using a check or credit card as form of payment?
____________________________________________
* The entire emphasis of this program is to protect the public from
check or credit card fraud, thereby lowering merchant costs, and utimately,
prices.
* We will not process or examine your thumbprint unless the check is returned NSF, account closed, or stop payment.
* Customers can feel safer knowing that nobody else can use their credit card or checks illegally. * We are simply asking you to "personalize" your check with a unique endorsement with NO MESS.
* Police are asking all merchants to participate.
=============================
pheww! this makes me break into a sweat.....aren't you glad big brother
is looking out for you tonight? My new survival goals for AD2000 include
keeping a plentiful supply of hip-waders, shovels, and some non-conductive
earrings for travel More later, Nef
Subject: fwd: digital identification at our finger tips
Date: Fri, 28 Mar 1997 11:02:25 -0500 (EST)
From: Rdy4Battle@aol.com
To: despatch@mail.cth.com.au
Extract from newsletter...ray673@best.com
March 24, 1997, Issue: 946 Section: News
Digital identification: It's now at our fingertips By Larry Lange and George Leopold
Arlington, Va. - Fingerprint-identification technology is poised to make the first big splash in biometrics, the science-once called futuristic-of using digital methodologies to identify individuals based on their physiology. Beyond the tips of the fingers, a person's eyes, hands, voice, face and even facial temperature are all candidates for one day replacing PINs and passwords, according to participants at the recent BiometriCon '97 here.
As two dozen vendors hawked digital identification wares for fingerprint, iris, voice and face recognition-and protesters outside the conference hall warned of "Orwellian scenarios"-technical meetings showcased the promise and problems of this fledgling field. The event, sponsored by the National Computer Security Association, also addressed the pressing need for standards, with major announcements from the National Institute of Standards and Technology and Novell Inc. They offered authentication and API solutions, respectively (see sidebar)
The need to send biometric data securely over networks is also being addressed in new forms of data scrambling called biometric encryption, which attempts to address authentication gaps in current cryptographic schemes. Suppliers painted a picture of data whizzing across the Internet and corporate intranets.
Biometric technology is mushrooming because security breaches, fraud, unauthorized entry and simple human administrative errors are becoming bigger and bigger problems in many industries. False acceptance at ATM machines alone runs about 30 percent, resulting in billions lost or stolen annually. Reports estimate worldwide fraud at $2.98 billion a year, and MasterCard reports over $450 million in losses annually. It's no surprise that biometrics is catching on with banks, credit-card firms, hospitals, government agencies and law enforcement.
For government, biometrics could help the massive shift to electronic benefits transfers. The Clinton administration has announced plans to shift to such transfers as a way to cut welfare fraud and reduce overhead as sweeping changes in U.S. welfare rules are implemented. Electronic transfers were a key reform in a February report released by Vice President Al Gore on streamlining delivery of government services.
And immigration officials are leaning toward biometrics such as hand-geometry and facial-recognition systems to speed and tighten border checks and airport security. The U.S. Immigration and Naturalization Service is incorporating a range of biometrics into its operations, as are a handful of airports in places like Taiwan (fingerprint database), Brisbane, Australia (face recognition) and Frankfurt, Germany.
Fingerprints first
Fingerprints will come first, said conference goers, since using them builds on automated fingerprint-identity systems already widely employed by the police and FBI. "The biometric that is the strongest contender to become the de facto standard is the fingerprint," said Ann Brown, vice president of Mytec Technologies Inc., which uses a fingerprint scanner with its biometric encryption system. Proponents cite reliability, ease of use, non-intrusiveness and the difficulty of cosmetically altering fingerprints without detection.
In fact, the government already uses fingerprinting to prevent welfare fraud and track criminal aliens and refugees.
Spain is setting up an automated welfare plan that represents the largest biometric application to date, using fingerprint scanners made by Identicator (San Bruno, Calif.). Unisys Corp. (Alexandria, Va.) is systems integrator. So far, about 7 million Spaniards are enrolled.
Taking fingerprinting one cyberstep further is Biometric Tracking L.L.C. (Kansas City, Mo.), which has Java or Netscape browser-enabled "biometric plug-in" software that filters biometric verification over the Net. "Web resources can be protected with an interactive dialog box that issues a query to a database on the Web, which then transfers the fingerprint profile," said Thomas Flynn, the firm's vice president of technology.
Others at the conference insisted that other methodologies offer more robust solutions. The J.P. Morgan investment company and Japanese investors have plunked down millions to back iris-scanning technology for use in banking applications. IriScan Inc. (Mount Laurel, N.J.), which holds the exclusive patent on iris recognition, makes hardware and software for such identification.
"Fingerprints have 60 different forms of variations from which to compare and analyze," said Kelly Gates, marketing manger at IriScan. "But with 400 discriminations available, an individual iris structure is six times more unique, stemming from embryonic genetic development. In the entire human population, no two irises are alike."
IriScan is working with British Telecom on telecom-related security, and with Oki Electric Industry Ltd. in Tokyo, a leading ATM supplier, which wants to replace PIN numbers and signatures.
Retinal recognition is also being developed for the Internet. EyeDentify Inc. (Baton Rouge, La.) makes a device to recognize retinal vascular patterns. It needs a storage base of only 96 bytes per user. The company also offers a host system that can integrate retinal-scan biometrics into a network, including one based on the Internet's Transmission Control Protocol and Internetwork Protocol.
Voice recognition for telephone authentication is being explored. by Votan Corp. (Pleasonton, Calif.). Its architecture uses extraction and pattern-matching algorithms running on a DSP chip, and proprietary pattern processing on a VLSI chip.
The system needs a scanner and smart "voice card," but Voton is looking ahead to the Internet. "A data-access verification system may be configured as a verification server installed on a digital network, via an external LAN using TCP/IP," said Voton product manager Graeme Kinsey.
Facing the ID
Identification Technologies International Inc. (Coral Gables, Fla.) uses face identification in a system called One-on-One. Photographic images are digitized, creating a numerical "facial signature" that is encoded on a chip. At the security site, the owner inserts a smart card into a reader, and a camera captures facial data and compares it to that in the card-all in less than a second. The One-on-One system can also be transferred over a TCP/IP network.
Going a step further is the Unisys "thermogram" technology, which produces an image from infrared light radiated from the temperature of a face. "The heat is radiated from below the skin, in the capillaries, bones and tissues," said Unisys technology director Fred Herr. "These patterns of different temperatures relative to each other across the image of the face reImages constant. They don't change over a life. It's a very reliable biometric."
Meanwhile, several protest groups showed up at the conference to warn
of the potential for abuse inherent in government and corporate control
over large databases of biometric IDs. "The advent of biometrics means
simply this," said a representative of Sovereignty International Inc. (Bangor,
Imagese.): "the bitter end of what's left of the world's privacy."
Subject: fwd: smart pen
Date: Fri, 28 Mar 1997 11:02:20 -0500 (EST) F
rom: Rdy4Battle@aol.com
To: despatch@mail.cth.com.au
Extract from newsletter...ray673@best.com
Biometric update
Smart Pen To Catch Forgers By Erik Vlietinck
HANNOVER, Germany -- A computerized "intelligent pen" that uses biometric technology to spot even a perfectly forged signature made its first public appearance Friday at the CeBit trade show in Germany. The LCI SmartPen device is a ball-point pen fitted with sensors that let a computer authenticate its user's identity by examining the biometric characteristics of their signature. The biometric characteristics recorded by the pen are transmitted by radio signal to a host computer. By monitoring even the smallest movement of a user's hand as he or she writes, the device builds up hugely detailed biometric profiles of users.
Someone wanting to make an important financial transaction would sign their name using the SmartPen, which would then compare the details of their hand movements with a biometric profile already stored on a database. If the two don't match, the pen alerts the bank to a forgery -- even if the signature appears genuine.
The technology behind the device was developed by the IMEC research institute in Leuven, Belgium. LCI Computer Group, a Dutch developer that licensed the technology, launched the SmartPen at the CeBit trade fair in Hannover, Germany on Friday. IMEC and LCI said the pen offers fool-proof and unequivocal identification of its users.
"As the SmartPen writes on a piece of paper on a flat surface, the pen tip will travel through 3-D space near the paper. The pen tip's trajectory, as calculated, will be a 3-D curve lying around the writing surface. The curve incorporates unique characteristics of the writer," said Professor Roger Van Overstraeten, president of IMEC. "Signature verification with the SmartPen does not depend on the graphic image of the signature, but on the dynamics of the act of signing."
Since SmartPen is effectively a miniature computer, the decvice could be used for remote user authentication over the Internet and private networks, as well as in banks and offices, according to LCI's chief executive Sam Asseer.
The SmartPen device contains all the processing power needed to calculate the 3D trajectory. It has sensors, a mouse, a digital signal processor, a radio transmitter and receiver, and an encryption system built in.
An important difference with traditional signature verification technology is the fact that the pen is intended to be used on normal paper, and does not require a special digitizing "tablet". It therefore enables people to write with it as they are accustomed to. Until now, signature verification implied having a pen or digitizing "tablet" attached to the computer.
The unit price of the production version will range from US$50 to US$250, depending on the features.
"SmartPen will forever impact the way electronic commerce is conducted, particularly over the Internet. By authenticating the author of a transaction, the act will become undeniable," Asseer said. Financial institutions and health care industry organizations have already expressed an interest in the product, he said. Firms considering commerce on the Internet and companies dealing with network security are also interested, he added.
A recent Gartner Group s report predicted that adopters of computerized signature verification technology would include the medical and pharmaceutical industries and government departments. Gartner also mentions check cashing, welfare or social security, retail transactions and computer application security.
LCI will spend the next two years developing software for additional
application areas, Asseer said. The company intends to be "conservative"
in the initial stages of marketing the device, in order to ensure successful
implementation in selective markets, he added.
.
RETURN TO
Images DESPATCH T.O.C.
.
Click
Here
despatch@mail.cth.com.au