<<< Date Index >>>     <<< Thread Index >>>

[IP] more on RIAA wants your fingerprints





Begin forwarded message:

From: Thomas Shaddack <shaddack@xxxxxxxxxxxxx>
Date: August 9, 2004 6:34:03 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: "Henry J. Boitel" <boitel@xxxxxxxxxxxxxx>, Ip <ip@xxxxxxxxxxxxxx>
Subject: Re: [IP] 2 more on RIAA wants your fingerprints


From: "Henry J. Boitel" <boitel@xxxxxxxxxxxxxx>
Date: August 8, 2004 10:23:36 AM EDT
To: BIOMETRICS@xxxxxxxxxxxxxxxxxxxx
Subject: Re: RIAA wants your fingerprints
Reply-To: The Biometric Consortium's Discussion List
<BIOMETRICS@xxxxxxxxxxxxxxxxxxxx>


It should be possible to fool it en-masse. Just publish a high-res image
of a fingerprint, which then can be downloaded and used to make a fake
gelatine or latex one. Voila - "Master-key finger", working worldwide. It doesn't even have to be an original person fingerprint - it can be made in
an image editor or generated by software; anything that can be easily
duplicated and makes the sensor think it's a fingerprint will do.

No more worries that a finger or hand injury will lock you out of your
music. (Even a band-aid-grade cut on the wrong fingertip could be a
problem.) No more trouble with registering more-than-allowed fingerprints
for friends in a dorm.


There is one more, possibly more important, question: Why I, the Consumer,
should want to buy a device that is more complex than the "unprotected"
players, has more dependencies, more parts to get broken, more chances to
inconvenience the user? A device that has encrypted outputs, which are
potentially incompatible with lots of other consumer equipment,
dramatically limiting my choice of peripherals? A device that prevents me from relatively easily making a copy of $whatever for a friend (or getting
a copy from a friend), like it used to be possible for ages, with
everything from casettes to videotapes, which is likely to be perceived as
a major inconvenience?

The biometric approach makes some limited sense for things like personal
photo/video/audio diary or personal videos you want to limit access to, so
there really may be some limited market demand for it. (But then it'd be
better to have biometrics only as part of authentication system, as in tis
current form it is rather weak and obtaining a person's fingerprint for
duplication is possible, using eg. a wine glass. Still, it is enough to
stop an undetermined attacker. But then, a 4-digit PIN can achieve the
same.)

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/