NET KNOW-HOW WITH DAVE KEARNS By Dave Kearns Biometrics: security savior or privacy violation? In the aftermath of September 11, many people have been quick to indict U.S. airport security as somehow lax and error prone. Yet no one has even suggested that the airplane hijackers did anything illegal in the airports, according to the security regulations in place for U.S. airports on that day.
The only way law enforcement could have stopped their actions was if one of the terrorists was recognized and detained.
We have the technology to do that. It is the same technology that you can use to control access to your network. Authentication is described as having three possible components -- something you know, something you have, or something you are. Something you know is a password, and password-protected access is the most common method we use to provide network authentication. Something you have is a token or smartcard, used primarily for physical access to buildings or parts of buildings but also available for network access. The third possibility is something you are -- so-called biometric technology -- a fingerprint, retinal scan, or facial scan. It's not just for James Bond anymore, but used at more and more companies every day to ensure the identity of those seeking access.
Besides controlling access, biometric tools can enhance security. The Tampa, Florida police demonstrated it at this past January's NFL Super Bowl game. A number of unobtrusive surveillance cameras were set up to surreptitiously take pictures of everyone entering the stadium. These were quickly compared to stored images of known criminals. Reasonable matches were then signaled to law enforcement personnel, who could detain the suspects for questioning. Evidently, a couple of dozen criminals were apprehended in this way.
Unfortunately, the professional privacy advocates are up in arms about this, claiming that it's an unreasonable search under the fourth amendment to the Constitution. That, if you'll pardon the expression, is hogwash.
In the days following September 11, we learned that at least two of the hijackers had recently been placed on the FBI's so-called "watch" list, but that they came across the border before the updated list got to the Immigration service. But, think about that -- exactly what is a "watch" list?
Also think about this -- what is the time-honored method of finding the most wanted criminals in the U.S.? Why, it's the "wanted" poster (you can still see them hanging in your post office). A picture of the bad guy, along with a description, is posted so that anyone can identify the alleged perpetrator. The TV show "America's Most Wanted" relies on average citizens identifying wanted criminals because of what they look like!
Spy and mystery movies from the 30's and 40's -- more so in British film, but also in U.S. film -- frequently portray a law enforcement chief sending out pictures of the wanted suspect to train stations, bus terminals, boat docks -- all points of entry and exit in an attempt to identify and detain the evil doer. We can still legally do that. We could post policemen with notebooks full of photographs at the security checkpoints of all airports trying to match up the photos with the faces of the people streaming by. But that isn't very feasible. We'd either have to make the line of passengers move much more slowly or have dozens of police at every security checkpoint.
Or, we could use technology to improve our security while speeding us on our way. I don't know that any airplane could have been prevented from taking off on September 11 if this technology had been in place. I don't know if any terrorist could have been identified. What I do know, though, is that no one would have been searched "unreasonably." And, just maybe, a few more people might still be alive.
Are you using biometrics on your network? Do you think a biometric system, coupled with a national identity "smart-card" is useful, necessary, or an unwarranted intrusion? Head over to the
forum and let's talk about it.
Don't forget to post your thoughts in
Dave's discussion forum.
Would you like to receive Dave's future columns via e-mail? Go to our
registration page, enter your password, and edit your profile by checking the box next to "net Know-how with Dave Kearns."
This was last published in October 2001
Dig Deeper on Network Security Monitoring and Analysis