Acidus wrote:
At least in the "this is proof you are who you say you are" way.
A GAO investigator managed to obtain four genuine U.S. passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had died in 1965. In another, he used the Social Security number of a fictitious 5-year-old child created for a previous investigation, along with an ID showing that he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and make it through a security checkpoint at a major U.S. airport. (When presented with the results of the GAO investigation, the State Department agreed that there was a "major vulnerability" in the passport issuance process and agreed to study the matter.)
I've said this repeatedly during security presentations before: Biometrics simply tie a distinct physical person to an object. Biometrics say absolutely nothing about the validity of the information on that object.
This is a serious pet peeve of mine and it annoys me to no end that people are constantly confusing this point. Let me repeat: Biometrics use physical characteristics to relate a specific person to a document or object. Other means must be employed to:
1- Verify the information on the document
2- Prevent the document from being altered without detection
This GAO investigation is a perfect example of how a "biometricly secured" document was completely fraudulent. Privilege escalation in the real world baby!
Pointing this out is just going to accelerate the inevitable, which is DNA profiling at birth, and everything tying to that. It's just a question of how fast this happens. It'll prolly happen in Western Europe within the next 5-7 years.
