Neil's News

Privilege Escalation

18 May 2015

The US Department of Homeland Security invited me down for a lengthy biometrics session. Multiple fingerprints, photos, height, weight, eyes, hair. Lots of fun. With this data they can then track my movements in the Land of the Free™. The joys of being a foreigner.

The problem is that none of this high-tech identification technology adds any security. Indeed, it actually reduces security. When I arrived the receptionist asked to see my driver's license. All the subsequent high-security biometrics now hinges entirely on one woman's opinion that one really bad laminated photo matched me. They really have very little idea who that guy who walked through their door this morning is. Next time I travel the ID they have for me is worse than the California driver's license it is based on.

In the computer security world we call this a privilege escalation attack. Each small security bug allows one to gain progressively more authority. If I choose, this biometric ID would eventually enable me to get a US passport.

Separately, one must also question the accuracy of biometrics. For example, here is Microsoft's attempt to guess my age in an old photo.

< Previous | Next >

Legal yada yada: My views do not necessarily represent those of my employer or my goldfish.