Friday, April 6, 2012

The day when fingerprints rule out from being an evidance


The day when fingerprints has rule out from being an evidence
Introduction
I'm wondering what's can be done for stopping burglars from stealing from places biometric databases
I'm wondering what is the value of biometric data which belongs to 20,000 people.
As I know, and after speaking with a friend which work in a place that have an online and offline biometric databases as well as many other companies and places (from laptops to doors,companies and many more product) fingerprints it's a good tool to recognized people identity.

According to Wikipedia:

       Track record

Fingerprinting has served all governments worldwide during the past 100 years or so to provide accurate identification of criminals. No two fingerprints have ever been found identical in many billions of human and automated computer comparisons.[60]Fingerprints are the fundamental tool for the identification of people with a criminal history in every police agency.[5] It remains the most commonly gathered forensic evidence worldwide and in most jurisdictions fingerprint examination outnumbers all other forensic examination casework combined. Moreover, it continues to expand as the premier method for identifying persons, with tens of thousands of people added to fingerprint repositories daily in America alone far more than other forensic databases.
In the recent years, the idea behind loosing privacy has been changed, and now people don't care about it like the past,it's not something strange to share you life,and Facebook is the ultimate example of why the concept of 'Privacy' has to be change.
Thinking behind the box
          What's gonna be if someone will  share his own fingerprint, with no name on it?
We can found very easy recording of people who burn there own ID or PASSPORT, but what about sharing them?
If you share your own fingerprints you can change the whole picture, systems won't be able to know if that you or your friend (they can try)



In my opinion in the time that doors have a locked based on offline biometric database, which can be extract (worker ID and fingerprint) and then the identity is being lost or at least can't be use again based on fingerprints only  we should start thinking again about using fingerprints so often.
I do think that we should avoid privacy from being lost, but in the same time I'm thinking about more situations
Simulation
1. Play one – The day after a huge amount of fingerprints will be lost
There is a super-market  with 50 workers with an offline biometric access between doors, the warehouse has been broken and the fingerprint biometric database has been stolen or just copied, someone bought the database and upload it to the internet with all the info.
A year later a thief did a crime and used a fake fingerprint with one of the workers fingerprint's
 Can one of those fingerprint might be as an evidence in the court?
While thinking about the subject I have realized that if someone will hack database of 500,000 people, this tool will change for ever as a legitimate law of this kind of tool to recognize people criminals which are suspect of crime

Can we take the risk?

2. Play two – Sharing private info instead of avoiding losing

After realizing the first one I got an idea, assuming that finger print is public knowledge what can be done with that?
So lets be creative, now we can open a public database that people will share there own biometric data with the public like bugmenot.com
In this website people are sharing there own user and password so others wont have to register for random websites and then when  a finger print will be found in a crime scene ,the conviction will be avoid if it will be based on the finger print with no extra support .
It's like an insurance for people who do crime for living.


I do know that electronic biometric database won't give you all the  info you needs to fake fingerprint's, but since people can share there own fingerprints they can do it with a scanner as well.
Imagine a place that let people to share there identity for free with others by scanning it. 

3. Play three – Public fingerprints database of crime cartel 

Some of the main target in the crime scene which is leader of the biggest drug cartel is being arrested of killing two people, he did a mistake and didn't hide the gun well.

Two years before, the crime cartel got an idea from hackers who helping them, the idea was simple: instead of hiding the fingerprints with gloves, they can steal 100,000 people fingerprint from workers clock in/out and then add to this stolen database to the cartel fingerprints database.
The next act was to share the database in the Internet so anyone will be able to fake with it his fingerprint's.
The idea got spread to many other cartel and crime members together with privacy freedom fighter has been start to share there own biometric info, included fingerprints.
Back to the court, the judge got an new breakthrough claim from the suspect's lawyer, "the fingerprint is in public database for two years,and any one can use it " the judge in the first time in the history declaim the fingerprint as proof for the crime since public data can't be an evidence of one person..

4. Play four – Creating innocent product that stealing biometric data

A new company of hackers got an idea, let's build product that will steal people fingerprints.
The first step was to build handles with hidden fingerprint readers


With the built in reader they picked up the results and send it by radio signal for later use.
Some time to open doors, and sometime to steal companies workers databases without attacking any secure database of the company

After time the stolen database has been stolen again and published in the internet, the victim companies had to stop recognized worker with finger print reader.
5. Play five – stealing fingerprint's and DNA in the same time
Since fingerprints readers are very similar to ATM which are being used in banks, a designer got an idea, why don't we create an fingerprints scammers?  just like ATM scamming but the data will be fingerprints and DNA.
A system that looking just like the front of the finger print reader can be attached to the original one, by that we will be able to steal the fingerprints and the DNA of the victim in the same time.
6. Play six – sharing or stealing people faces
In the recent years faking people faces became more and more simple,
since that many systems are using cameras to recognized the area, we can create masks of ourselves as well as others and by that even faces wont be a strong evidence like the past.
Since we can share our biometric database, we can share our faces as well so other can use it and we the thief will stay out of jail.

Into conclusion

I'm not the fan of loosing privacy, and I wont build a database with finger prints based on stealing hardware,databases or public knowledge.

Yet, while using fingerprint for so many years as a tool to fight crimes, like a murder, or just for clock in or out ,we should realized that new technology or systems can avoid us from keeping the traditional uses of this kind of tool in the future.
I think that in the future people finger print will be stolen by meaning.
I'm sure that this can be done right now

  If fingerprint is not enough so lets do the same with faces, now think again about the consequence


:For extra read