acm-header
Sign In

Communications of the ACM

Inside Risks

Fake ID: Batteries Not Included


It was only a matter of time. We've come to expect almost anything imaginable to be sold on late-night TV infomercials—from feel-good "health" bracelets to "get rich quick" real-estate schemes. So I shouldn't have been too surprised to stumble across a 3 a.m. full-hour ad for a firm offering biometric "appliances" (for legal applications only—the superimposed fine print notes—not responsible for customer misuse!).

I couldn't help but be reminded of an old "Twilight Zone" episode in which motherless siblings choose their desired component parts for an android "mother"—this color eyes, that color hair, the perfect musical voice. That's what this grotesque infomercial was selling: artificial fingers, false eyeballs, voice simulators, full-face latex disguises. And much more.

While the energetic announcer never came right out and said so, it was clear from the outset that the only possible real purpose for these devices was to defeat biometric identification systems. Admittedly, many such systems perform so poorly that it doesn't take rocket science to fool them, but the folks behind the commercial still made a very convincing pitch. They also appeared to be well versed on the current state of both biometric and associated spoofing technologies. The ad even made fun of the now infamous homemade "gummy bear" false fingerprint technique, noting how this firm's professional, custom-made fingers (with exchangeable fingerprint tips) were automatically maintained at perfect body temperature to fool most scanners (a pair of AAA batteries for heating the digit not included).

The false eyeballs for sale are apparently especially versatile, as it was shown how they can be held in the hand for either retinal or iris scanning units, or even worn (as a sort of half-shell) over the user's own eye(s) for scanners that are pickier about such configurations (the latter a scenario straight out of James Bond movies). The voice simulator device being promoted—obviously for defeating voice ID systems—was perhaps the most mundane device in the lot, but was still a pretty slick all-digital affair, designed to be both utilitarian and utterly inconspicuous.

At one point, it was suggested that a possible application for their products was for bad-spirited practical jokes. The ad's simulated demonstrations included a man who discovered that his fingerprints and iris patterns had been usurped and discredited by an interloper using those products. Realizing that he had no way to change his own biometrics, he chopped off his index finger with a Ginsu knife and stuck a shish kebab skewer into his eye in frustration. Really funny stuff, huh?

But it got even worse. In addition to their physical appliances product line, the same fine Bahamas-based firm offered what could only be described as a correspondence course in database hacking. They suggested that another type of fun could be yours by corrupting and manipulating biometric databases on either a small or large scale, all from the comfort of your home computer while sitting in bed. No false fingers or fake eyeballs required for this approach. Now that's entertainment (broadband Internet connection and Windows XP required).

By the end of this potpourri of identity horrors, my head was spinning. The commercial explained how to gather fingerprints to send in for finger fabrication, and noted how you could order a little infrared gadget that would collect iris and retinal data—even at a considerable distance without the knowledge of your target—for completing that aspect of your order. They even suggested that prospective customers "ask the operator" at the 800 number about "odor index" and "DNA fabrication services" that were also available.

It was with some relief that this nightmarish apparition of an ad finally ended, with a splash of garish synthesizer music and the usual promises of a money-back guarantee if not completely satisfied. If nothing else, I was again reminded of the risks of late-night burritos keeping me awake, and the mental hazards of tuning in satellite TV stations above channel 999.

As I finally tried to doze off, visions of dismembered fingers and spinning eyeballs still invaded my thoughts, and I couldn't help but muse on the implications of that 60-minute descent into the identification inferno that I had just endured.

For all of the promotional hype surrounding biometric ID systems, it's probable that they're actually setting the stage for a whole vast new range of abuses and problems, which will make us long for the "good old days" of passwords that could be easily changed when compromised. Perhaps the nightmare was actually only just beginning, after all.

Back to Top

Author

Lauren Weinstein ([email protected]) is co-founder of People for Internet Responsibility (www.pfir.org). He moderates the Privacy Forum (www.vortex.com/privacy).

Back to Top

Footnotes

Editor's note: This April Fool's edition of the "Inside Risks" column is intended for amusement purposes only.


©2006 ACM  0001-0782/06/0400  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2006 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: