more on RIAA wants your fingerprints

[David Farber <dave () farber net>]

Begin forwarded message:

From: Thomas Shaddack <shaddack () ns arachne cz>
Date: August 9, 2004 6:34:03 AM EDT
To: David Farber <dave () farber net>
Cc: "Henry J. Boitel" <boitel () MINDSPRING COM>, Ip <ip () v2 listbox com>
Subject: Re: [IP] 2 more on RIAA wants your fingerprints


> From: "Henry J. Boitel" <boitel () MINDSPRING COM>
> Date: August 8, 2004 10:23:36 AM EDT
> To: BIOMETRICS () PEACH EASE LSOFT COM
> Subject: Re: RIAA wants your fingerprints
> Reply-To: The Biometric Consortium's Discussion List
> <BIOMETRICS () PEACH EASE LSOFT COM>


It should be possible to fool it en-masse. Just publish a high-res image
of a fingerprint, which then can be downloaded and used to make a fake
gelatine or latex one. Voila - "Master-key finger", working worldwide. 
It
doesn't even have to be an original person fingerprint - it can be made 
in
an image editor or generated by software; anything that can be easily
duplicated and makes the sensor think it's a fingerprint will do.

No more worries that a finger or hand injury will lock you out of your
music. (Even a band-aid-grade cut on the wrong fingertip could be a
problem.) No more trouble with registering more-than-allowed 
fingerprints
for friends in a dorm.


There is one more, possibly more important, question: Why I, the 
Consumer,
should want to buy a device that is more complex than the "unprotected"
players, has more dependencies, more parts to get broken, more chances 
to
inconvenience the user? A device that has encrypted outputs, which are
potentially incompatible with lots of other consumer equipment,
dramatically limiting my choice of peripherals? A device that prevents 
me
from relatively easily making a copy of $whatever for a friend (or 
getting
a copy from a friend), like it used to be possible for ages, with
everything from casettes to videotapes, which is likely to be perceived 
as
a major inconvenience?

The biometric approach makes some limited sense for things like personal
photo/video/audio diary or personal videos you want to limit access to, 
so
there really may be some limited market demand for it. (But then it'd be
better to have biometrics only as part of authentication system, as in 
tis
current form it is rather weak and obtaining a person's fingerprint for
duplication is possible, using eg. a wine glass. Still, it is enough to
stop an undetermined attacker. But then, a 4-digit PIN can achieve the
same.)

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/