[ISN] 2-Fingerprint Border ID System Called Inadequate

R.A. Hettinga rah at shipwright.com
Wed Oct 20 07:59:37 EDT 2004

--- begin forwarded text

Date: Tue, 19 Oct 2004 21:40:22 -0500 (CDT)
From: InfoSec News <isn at c4i.org>
To: isn at attrition.org
Subject: [ISN] 2-Fingerprint Border ID System Called Inadequate
Reply-To: isn at c4i.org
List-Id: InfoSec News <isn.attrition.org>
List-Archive: <http://www.attrition.org/pipermail/isn>
List-Post: <mailto:isn at attrition.org>
List-Help: <mailto:isn-request at attrition.org?subject=help>
List-Subscribe: <http://www.attrition.org/mailman/listinfo/isn>,
	<mailto:isn-request at attrition.org?subject=subscribe>
Sender: isn-bounces at attrition.org


By Robert O'Harrow and Jr. Scott Higham
Washington Post Staff Writers
October 19, 2004

Terrorists who alter their fingerprints have about an even chance of
slipping past U.S. border watch-list checks because the government is
using a two-fingerprint system instead of one that relies on all 10
prints, a lawmaker said in a letter he made public yesterday to
Homeland Security Secretary Tom Ridge.

Rep. Jim Turner (D-Tex.) wrote that a study by researchers at Stanford
University concluded the two-finger system "is no more than 53 percent
effective in matching fingerprints with poor image quality against the
government's biometric terrorist watch-list." Turner said the system
falls far short of keeping the country secure.

"It's going to be a coin toss as to whether we can identify
terrorists," Turner, the ranking member of the House Select Committee
on Homeland Security, said in an interview yesterday. "It's a 50-50
chance, and that's not good enough."

Turner's Oct. 15 letter comes as government officials supervising the
burgeoning border security system, known as US-VISIT, have been
touting their use of fingerprints for identifying people crossing the
border and checking them against watch lists of suspected terrorists.

The US-VISIT program aims to create a "virtual border" using computer
networks, databases, fingerprints and other biometric identifiers. The
program requires foreign visitors to register their names before
traveling to the United States and have their fingerprints checked
when they arrive and depart. Officials estimate the system could cost
up to $10 billion and take a decade to build.

The border security program is relying on technology first developed
for a program at the former Immigration and Naturalization Service
called IDENT. Government officials have known for years that IDENT did
not work well with the identification system used by the Justice
Department, a 10-fingerprint system called the Integrated Automated
Fingerprint Identification System. That system is known for producing
good results, even with poor-quality fingerprint images, Turner's
letter said.

But homeland security officials have told Congress they decided to use
the IDENT system for the first phase of US-VISIT as a way to quickly
improve security at the borders, and move to a 10-fingerprint system
later. "It was a logistical issue we had to deal with," said Robert A.
Mocny, deputy director of US-VISIT. "It will get better. . . . It's a
matter of what we can do right now."

Turner's letter said the Department of Homeland Security ignored
numerous warnings from the "government's top biometric scientists"
that the "two-fingerprint system could not accurately perform watch
list searches and the ten-fingerprint system was far preferable."

The letter quotes Stanford researcher Lawrence M. Wein, who said his
study found that at best, with a software fix, the two-finger system
would properly identify only about three of four people. Two weeks
ago, Wein told the Homeland Security Committee that the "implications
of our findings are disturbing."

Turner accused homeland security officials of failing to be "more
forthcoming" about the limitations of their approach. Turner asked
Ridge to direct homeland security officials to "preserve all documents
and electronic communications" relating to their decision on

"I understand your desire to deploy biometric screening at our borders
as quickly as possible," Turner said in his letter. "But more than
three years after the 9/11 attacks, we have invested more than $700
million in an entry-exit system that cannot reliably do what the
Department so often said it would: Use a biometric watch-list to keep
known terrorists out of the country."

A spokesman for the Republican-controlled Homeland Security Committee,
Ken Johnson, said the release of Turner's letter was driven by
election-year politics. Johnson acknowledged that there are "some
concerns" with the current system, but he said US-VISIT continues to
evolve. "In a perfect world, where money is not an issue, and people
wouldn't mind spending countless hours or days at the border, the
10-fingerprint system would be preferable. But that's not reality,"
Johnson said. "They're playing politics with some very sensitive

Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -

--- end forwarded text

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list