steveinnice
N/A
I can almost imagine you tapping the side of your nose as you say this.
Fingerprints and the new EU Entry Exit system
- Thread starter Lodestone
- Start date
- Status
lustyd
Well-known member
Unfortunately that's life on this forum these days. The mods are everywhere ?
lustyd
Well-known member
dolabriform
Well-known member
For those that believe that there is no danger in trusting biometric data to governments and that it's ok because it will make life easier, I really do believe that you need to take a deeper look into the systems involved.
I don't know LustyD, and I don't know what his / her field of expertise is, but a lot of what he/she says rings true, here for example is an interesting article on fingerprint, including a case where the evidence was thrown out of court:
The Myth of Fingerprints
The scope creep with biometric data is frightening, and the reliability on automated systems even more so. Computers are only as safe as the programmers that wrote and checked the code, and that is outsourced to lowest bidder most of the time. These systems are complex and impossible to be bug free. There is also the overwhelming belief that they must be correct, look at the post office horizon system for a great example of this.
Probably the most important thing that is overlooked is how secure these systems aren't. With more and more systems that should be air gapped using the public internet infrastructure for data transit because it's cheaper, the security becomes weaker as more attack vectors become viable. There have been so many vulnerabilities found in the hardware that connects all of this stuff together. The way this is being done to make everything more convenient for the users ,at the lowest cost, makes the possibility of a fire sale instigated by a state sponsored actor ever more possible.
I am not into conspiracy theories, and I love things that make ours lives easier, but one must look at true potential dangers of these systems. Fingerprints are not unique, and the ways of testing their uniqueness vary. One small bug in a system could cause misidentification, and that would be enough to cause a whole load of problems. If people trust these systems implicitly without any checks and balances, then they won't believe the system has made a mistake, just google the amount of mistaken identity cases there are. One case of wrongful identity and imprisonment caused by such a system would be unacceptable.
So putting all the conspiracy theories aside, we do not have the ability to make systems secure or reliable. Computer applications are inherently floored by their very nature as it's impossible to test every edge case. Add to this the cost driven nature of development due to the outsourcing and I just want to weep for the engineers trying to build these systems.
One just has to look at how long the application to replace the C1331 is taking. Now we can fill in a spreadsheet and email it. They've joined the 90's at last.
I don't know LustyD, and I don't know what his / her field of expertise is, but a lot of what he/she says rings true, here for example is an interesting article on fingerprint, including a case where the evidence was thrown out of court:
The Myth of Fingerprints
The scope creep with biometric data is frightening, and the reliability on automated systems even more so. Computers are only as safe as the programmers that wrote and checked the code, and that is outsourced to lowest bidder most of the time. These systems are complex and impossible to be bug free. There is also the overwhelming belief that they must be correct, look at the post office horizon system for a great example of this.
Probably the most important thing that is overlooked is how secure these systems aren't. With more and more systems that should be air gapped using the public internet infrastructure for data transit because it's cheaper, the security becomes weaker as more attack vectors become viable. There have been so many vulnerabilities found in the hardware that connects all of this stuff together. The way this is being done to make everything more convenient for the users ,at the lowest cost, makes the possibility of a fire sale instigated by a state sponsored actor ever more possible.
I am not into conspiracy theories, and I love things that make ours lives easier, but one must look at true potential dangers of these systems. Fingerprints are not unique, and the ways of testing their uniqueness vary. One small bug in a system could cause misidentification, and that would be enough to cause a whole load of problems. If people trust these systems implicitly without any checks and balances, then they won't believe the system has made a mistake, just google the amount of mistaken identity cases there are. One case of wrongful identity and imprisonment caused by such a system would be unacceptable.
So putting all the conspiracy theories aside, we do not have the ability to make systems secure or reliable. Computer applications are inherently floored by their very nature as it's impossible to test every edge case. Add to this the cost driven nature of development due to the outsourcing and I just want to weep for the engineers trying to build these systems.
One just has to look at how long the application to replace the C1331 is taking. Now we can fill in a spreadsheet and email it. They've joined the 90's at last.
Fr J Hackett
Well-known member
Twaddle
steveinnice
N/A
Watch out ,you'll get a cat meme sent to you for saying that. Here's one to keep on topic....
lustyd
Well-known member
I don't believe for one second that the C1331 replacement is taking time due to budget or complexity. An app to directly replace that functionality would take me an afternoon to create. I imagine that there have been various stages of scope creep along the way, along with Border Force saying things like "wouldn't it be nice if we also collected...". When it finally emerges it will be interesting which permissions it requests from the phone on install, and how functional it is if you deny position information.
lustyd
Well-known member
If you want to give it a try be my guest, but both B word and C word are banned on this forum along with any and all political discussion. We have a C word forum if you do wish to discuss that topic.
Fr J Hackett
Well-known member
You hinge your argument on the analysis of finger prints and the number of points used to determine a match, it may be flawed but when the number of points is 12 or over it becomes reasonably accurate, in the UK it is at least 16 points.
dolabriform
Well-known member
I completely agree, but I suspect that interfacing it into whatever systems they are trying to link up is probably taking time. If it was just to replace that form and bung it all into a database then it would take me slightly longer than an afternoon, with some testing thrown in.
I suspect they want it to auto scan criminal dbs amongst other things and fire alerts on various parameters to the relevant authorities. I very much doubt if the paper forms were ever checked to that extent, if at all.
dolabriform
Well-known member
No, my argument is based on the fact that relying 100% on systems built to the lowest cost / highest profit by humans is a big problem.
You can count as many points as you want, but if the person / team who programmed the scanning algorithm has introduced a bug that is triggered by certain edge cases then that system is flawed. Or if one of the libraries or APIs that the system interacts with has a bug, then the system is flawed.
It is practically impossible to build complex systems such as this without any bugs, especially when the underlying technology used in a lot of gov projects is closed source and known to be bug ridden.
lustyd
Well-known member
Accurate does not mean effective. That it recognises the same print every time and rejects others is not relevant to the issues with the system.
Fr J Hackett
Well-known member
In the case of any doubt evidence can be and is challenged and for criminal prosecution fingerprint matching requires human cross checking and verification. The point of automation is to speed things up for 99.999% of most cases.
lustyd
Well-known member
More to the point, if there's nobody at border control to spot the gummy bear on my finger then why would I need a dinghy to cross the channel? An extremely accurate system will be trusted implicitely and used as an excuse to reduce head count. That's just how the world works. As you said, if that gummy bear matches a crime scene I would automatically be incarcerated until I could prove I was not at the crime scene.
dolabriform
Well-known member
Playing devil's advocate, how does that help the poor soul that is held in custody whilst this takes place? Can this process completely remove confirmation bias? As I say, look at the post office horizon case.
<tin hat>From a conspiracy theorists perspective, one would argue that any form of admittance by the gov that such a system made a mistake would undermine trust in it, so they wouldn't want that information to go public. </tin hat>
I am just trying to point out that whilst there is sense in having as much control of identity checking as possible, it is not without costs. Whether those costs are acceptable is a question for the individual.
dolabriform
Well-known member
Those platforms are designed to keep you engaged as much as possible and therefore earn as much advertising revenue as possible. The more data they can get, the more money they can make. The platforms are not nefarious as such, it is the people manipulating them that are the problem. Programming a system that prevents that manipulation is a lot harder than it would seem.
Sandy
Well-known member
I was very, very careful at not using that phrase, but was tempted.
I had a farming friend who always introduced himself as, 'hello I'm John, a farmer, outstanding in my field'.
At his funeral it was mentioned in the eulogy.
Sandy
Well-known member
You might be surprised how grown up and technical I am. Feel free to PM me and we can discuss big data and all that jazz.
dolabriform
Well-known member
Lightwave395
Well-known member
- Status