Fingerprints and the new EU Entry Exit system

Status
Not open for further replies.

lustyd

Well-known member
Joined
27 Jul 2010
Messages
11,407
Visit site
Please tell us more I love listening to experts in their fields.
Sorry, the grownups are talking. Here's a cat picture to keep you entertained instead.

sub-jp-burger-2-popup.jpg
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,784
Location
London / Suffolk
freewheeling.world
For those that believe that there is no danger in trusting biometric data to governments and that it's ok because it will make life easier, I really do believe that you need to take a deeper look into the systems involved.

I don't know LustyD, and I don't know what his / her field of expertise is, but a lot of what he/she says rings true, here for example is an interesting article on fingerprint, including a case where the evidence was thrown out of court:
The Myth of Fingerprints

The scope creep with biometric data is frightening, and the reliability on automated systems even more so. Computers are only as safe as the programmers that wrote and checked the code, and that is outsourced to lowest bidder most of the time. These systems are complex and impossible to be bug free. There is also the overwhelming belief that they must be correct, look at the post office horizon system for a great example of this.
Probably the most important thing that is overlooked is how secure these systems aren't. With more and more systems that should be air gapped using the public internet infrastructure for data transit because it's cheaper, the security becomes weaker as more attack vectors become viable. There have been so many vulnerabilities found in the hardware that connects all of this stuff together. The way this is being done to make everything more convenient for the users ,at the lowest cost, makes the possibility of a fire sale instigated by a state sponsored actor ever more possible.

I am not into conspiracy theories, and I love things that make ours lives easier, but one must look at true potential dangers of these systems. Fingerprints are not unique, and the ways of testing their uniqueness vary. One small bug in a system could cause misidentification, and that would be enough to cause a whole load of problems. If people trust these systems implicitly without any checks and balances, then they won't believe the system has made a mistake, just google the amount of mistaken identity cases there are. One case of wrongful identity and imprisonment caused by such a system would be unacceptable.

So putting all the conspiracy theories aside, we do not have the ability to make systems secure or reliable. Computer applications are inherently floored by their very nature as it's impossible to test every edge case. Add to this the cost driven nature of development due to the outsourcing and I just want to weep for the engineers trying to build these systems.

One just has to look at how long the application to replace the C1331 is taking. Now we can fill in a spreadsheet and email it. They've joined the 90's at last.
 

lustyd

Well-known member
Joined
27 Jul 2010
Messages
11,407
Visit site
One just has to look at how long the application to replace the C1331 is taking
I don't believe for one second that the C1331 replacement is taking time due to budget or complexity. An app to directly replace that functionality would take me an afternoon to create. I imagine that there have been various stages of scope creep along the way, along with Border Force saying things like "wouldn't it be nice if we also collected...". When it finally emerges it will be interesting which permissions it requests from the phone on install, and how functional it is if you deny position information.
 

Fr J Hackett

Well-known member
Joined
26 Dec 2001
Messages
64,496
Location
Saou
Visit site
For those that believe that there is no danger in trusting biometric data to governments and that it's ok because it will make life easier, I really do believe that you need to take a deeper look into the systems involved.

I don't know LustyD, and I don't know what his / her field of expertise is, but a lot of what he/she says rings true, here for example is an interesting article on fingerprint, including a case where the evidence was thrown out of court:
The Myth of Fingerprints

The scope creep with biometric data is frightening, and the reliability on automated systems even more so. Computers are only as safe as the programmers that wrote and checked the code, and that is outsourced to lowest bidder most of the time. These systems are complex and impossible to be bug free. There is also the overwhelming belief that they must be correct, look at the post office horizon system for a great example of this.
Probably the most important thing that is overlooked is how secure these systems aren't. With more and more systems that should be air gapped using the public internet infrastructure for data transit because it's cheaper, the security becomes weaker as more attack vectors become viable. There have been so many vulnerabilities found in the hardware that connects all of this stuff together. The way this is being done to make everything more convenient for the users ,at the lowest cost, makes the possibility of a fire sale instigated by a state sponsored actor ever more possible.

I am not into conspiracy theories, and I love things that make ours lives easier, but one must look at true potential dangers of these systems. Fingerprints are not unique, and the ways of testing their uniqueness vary. One small bug in a system could cause misidentification, and that would be enough to cause a whole load of problems. If people trust these systems implicitly without any checks and balances, then they won't believe the system has made a mistake, just google the amount of mistaken identity cases there are. One case of wrongful identity and imprisonment caused by such a system would be unacceptable.

So putting all the conspiracy theories aside, we do not have the ability to make systems secure or reliable. Computer applications are inherently floored by their very nature as it's impossible to test every edge case. Add to this the cost driven nature of development due to the outsourcing and I just want to weep for the engineers trying to build these systems.

One just has to look at how long the application to replace the C1331 is taking. Now we can fill in a spreadsheet and email it. They've joined the 90's at last.

You hinge your argument on the analysis of finger prints and the number of points used to determine a match, it may be flawed but when the number of points is 12 or over it becomes reasonably accurate, in the UK it is at least 16 points.
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,784
Location
London / Suffolk
freewheeling.world
I don't believe for one second that the C1331 replacement is taking time due to budget or complexity. An app to directly replace that functionality would take me an afternoon to create. I imagine that there have been various stages of scope creep along the way, along with Border Force saying things like "wouldn't it be nice if we also collected...". When it finally emerges it will be interesting which permissions it requests from the phone on install, and how functional it is if you deny position information.

I completely agree, but I suspect that interfacing it into whatever systems they are trying to link up is probably taking time. If it was just to replace that form and bung it all into a database then it would take me slightly longer than an afternoon, with some testing thrown in.

I suspect they want it to auto scan criminal dbs amongst other things and fire alerts on various parameters to the relevant authorities. I very much doubt if the paper forms were ever checked to that extent, if at all.
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,784
Location
London / Suffolk
freewheeling.world
You hinge your argument on the analysis of finger prints and the number of points used to determine a match, it may be flawed but when the number of points is 12 or over it becomes reasonably accurate, in the UK it is at least 16 points.

No, my argument is based on the fact that relying 100% on systems built to the lowest cost / highest profit by humans is a big problem.

You can count as many points as you want, but if the person / team who programmed the scanning algorithm has introduced a bug that is triggered by certain edge cases then that system is flawed. Or if one of the libraries or APIs that the system interacts with has a bug, then the system is flawed.

It is practically impossible to build complex systems such as this without any bugs, especially when the underlying technology used in a lot of gov projects is closed source and known to be bug ridden.
 

lustyd

Well-known member
Joined
27 Jul 2010
Messages
11,407
Visit site
You hinge your argument on the analysis of finger prints and the number of points used to determine a match, it may be flawed but when the number of points is 12 or over it becomes reasonably accurate, in the UK it is at least 16 points.
Accurate does not mean effective. That it recognises the same print every time and rejects others is not relevant to the issues with the system.
 

Fr J Hackett

Well-known member
Joined
26 Dec 2001
Messages
64,496
Location
Saou
Visit site
No, my argument is based on the fact that relying 100% on systems built to the lowest cost / highest profit by humans is a big problem.

You can count as many points as you want, but if the person / team who programmed the scanning algorithm has introduced a bug that is triggered by certain edge cases then that system is flawed. Or if one of the libraries or APIs that the system interacts with has a bug, then the system is flawed.

It is practically impossible to build complex systems such as this without any bugs, especially when the underlying technology used in a lot of gov projects is closed source and known to be bug ridden.

In the case of any doubt evidence can be and is challenged and for criminal prosecution fingerprint matching requires human cross checking and verification. The point of automation is to speed things up for 99.999% of most cases.
 

lustyd

Well-known member
Joined
27 Jul 2010
Messages
11,407
Visit site
No, my argument is based on the fact that relying 100% on systems built to the lowest cost / highest profit by humans is a big problem.

You can count as many points as you want, but if the person / team who programmed the scanning algorithm has introduced a bug that is triggered by certain edge cases then that system is flawed. Or if one of the libraries or APIs that the system interacts with has a bug, then the system is flawed.

It is practically impossible to build complex systems such as this without any bugs, especially when the underlying technology used in a lot of gov projects is closed source and known to be bug ridden.
More to the point, if there's nobody at border control to spot the gummy bear on my finger then why would I need a dinghy to cross the channel? An extremely accurate system will be trusted implicitely and used as an excuse to reduce head count. That's just how the world works. As you said, if that gummy bear matches a crime scene I would automatically be incarcerated until I could prove I was not at the crime scene.
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,784
Location
London / Suffolk
freewheeling.world
In the case of any doubt evidence can be and is challenged and for criminal prosecution fingerprint matching requires human cross checking and verification. The point of automation is to speed things up for 99.999% of most cases.

Playing devil's advocate, how does that help the poor soul that is held in custody whilst this takes place? Can this process completely remove confirmation bias? As I say, look at the post office horizon case.

<tin hat>From a conspiracy theorists perspective, one would argue that any form of admittance by the gov that such a system made a mistake would undermine trust in it, so they wouldn't want that information to go public. </tin hat>

I am just trying to point out that whilst there is sense in having as much control of identity checking as possible, it is not without costs. Whether those costs are acceptable is a question for the individual.
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,784
Location
London / Suffolk
freewheeling.world
Evil is a pretty emotive word to describe Covid passports. In France, at least, their raison d’être was about motivating the vaccine reluctant to get on and be vaccinated, and it has been pretty successful at achieving this.

What is rather more sinister when it comes to Covid passports is the role of certain social media platforms in steering people who have shown an online interest in anti-vax material towards sites that will sell them counterfeit passes. A study by the ISD has shown the likes of Instagram and Facebook to be enablers on this score, their algorithms actually recommending accounts offering fake sanitary or vaccination services, so if you are a person who has displayed an interest in Covid disinformation or anti-vax content, the algorithms will recommend more accounts offering fake passes.

I’m really not that concerned about the government having my fingerprints, whereas the nefarious activities of some platforms on the web, and the data that they gather and store about us seems to me way more sinister.

Those platforms are designed to keep you engaged as much as possible and therefore earn as much advertising revenue as possible. The more data they can get, the more money they can make. The platforms are not nefarious as such, it is the people manipulating them that are the problem. Programming a system that prevents that manipulation is a lot harder than it would seem.
 
Status
Not open for further replies.
Top