Sunday, November 25, 2007

Time for a little Humble Pie

In a recent discussion (on the fantastic Liberal Conspiracy site) involving the now infamous two CD's and 25 million names, I argued that it doesn't follow that ID cards will be insecure, I also argued that ID cards would still help in a situation like this. One point I made was in the way that biometrics made the system more secure.

This Saturday's Bad Science column did cast a fair bit of doubt on the security of Biometrics, pointing out the well known fake fingers story as well as several other pieces of evidence. More interesting though was the final paragraph on mentioning a paper on creating a fingerprint from the minutiae data. I did cast doubt as to whether it was possible to turn fingerprint data into a working fingerprint, clearly it is, so it appears that on that score I was wrong.

I don't think however that this is necessarily the death of biometric ID cards, getting hold of an ID card/creating a fake and also matching set of fingerprints is still going to be very hard to accomplish. It seems clear however that the amount of data stored on the actual ID card chip may need a rethink.