[LINK] Hacker backs DNA database

Roger Clarke Roger.Clarke@xamax.com.au
Wed, 18 Oct 2000 11:46:10 +1100 

Further to:

Says Kevin Mitnick, just released from a US jail:
> "I think the government has to establish some sort of central
> database that uses biometric identifiers, such as your DNA, that
> can label you as you. This might eliminate a lot of identity theft,
> because anyone can apply for credit by supplying information over
> the phone."

From: Luke Burton <lburton@inter-touch.com>
>W.r.t the DNA database, I believe it would be a positive thing, provided
>it operates under suitable guidelines.  ...

richard@auscoms.com.au (Richard Chirgwin)
>> ... the incredible intrusion involved in DNA as authentication.  ...


Any biometric is an extraordinarily dangerous measure, because it's the
equivalent of a PIN that can't be changed.  Lose it once, and you're
forever subject to masquerade by each person or organisation that gains
access to it.

Any id or authentication scheme that involves storage of a biometric
*anywhere* is fraught with enormous risks, which will mainly rebound on the
person, not the organisation.

To overcome that problem, biometrics should *only* be stored in secure
devices carried by the individual.  For the foreseeable future, that means
a chip, embedded in, at present, a plastic card, and in the future in
alternative carriers like rings.  See:
http://www.anu.edu.au/people/Roger.Clarke/EC/VADER.html

There's a strong argument that even a personal chip should not carry a
biometric itself, but only the outcome after it's been processed using an
appropriate one-way hashing algorithm (which precludes re-construction of
the original from the hash).

Accompanying this must be a legal prohibitions against:

(1)  the manufacture, installation and use of devices that capture any
     biometric, *unless* they include strong security techniques to
preclude the
     biometric being captured or stored;  and

(2)  the creation or maintenance of a database of biometrics.

Will this prevent any abuse ever occurring?  Of course not;  but it will
make clear that these activities are illegal, and place substantial
obstacles in their way.

If this seems to be a bit challenging, hopeful or idealistic, consider the
approach adopted with the 4-digit and 6-digit PINs used with ATM and debit
cards:  secure PIN-pads comply with the above specification;  and financial
institutions do *not* store databases of PINs.  Consider also the approach
adopted to secure passwords.  (The fact that passwords in MS systems, and
so-called PINs in Telecard schemes, are non-compliant with the
specifications merely shows that relatively secure mechanisms are entirely
feasible, but not all scheme designers use them).

So :  what do I think about the biometrics databases being merrily compiled
by law enforcement agencies nationwide, with Amanda Vanstone acting as
front-person and primary source of funding?  It's nominally about
prisoners, but of course it's capable of being widened to ex-prisoners,
suspects, prison visitors, whole regional populations when an excuse arises
like a rape in a country town, etc.

Such databases are extraordinarily dangerous, because law enforcement
agencies are among the very likely abusers of such data-holdings.

Finally, to DNA in particular.

DNA is in one sense just another biometric.  But its dangers are much more
serious than other biometrics, for at least the following reasons:
(1)  it's intrinsic to the person;
(2)  its collection involves the physical invasion of the person in the
form of
     capture of body-tissue or fluids;
(3)  current techniques are not by any stretch of the imagination
deterministic,
     but rely heavily on probabilistic methods, and an obscure population;
(4)  at any given point in time, science will associate various forms of
     prediction (some tanatamount to pre-destination) with particular parts of
     DNA.  (Like all 'science', it's a question of fashion, and the
predictions
     will change over time, sometimes subtly, and sometimes in major shifts).
     This will give rise to very substantial discrimination and downright
     bigotry, both of an economic nature (e.g. health insurance) and social.
     Stott-Despoja's Bill seeks to do something about that, but is being met by
     blanket incomprehension.

For an interview on biometrics and public policy, see:
http://www.biomet.org/001003_privacy_interview.htm

Here endeth the impromptu sermon.  I reserve the right to refine the above
sometime (partly in response to constructive criticisms from members of the
communities I participate in), because it's straight off the finger-tips -
an early sketch of a paper I haven't had time to actually write yet ...


Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au            http://www.xamax.com.au/

Visiting Fellow                       Department of Computer Science
The Australian National University     Canberra  ACT  0200 AUSTRALIA
Information Sciences Building Room 211       Tel:  +61  2  6249 3666