Vic Socotra

20 February 2010

Biometrics

Biometrics
(External Microsoft fingerprint scanner. They have been around for years.)

The storms, taken together, form a great white eraser that separates this new decade from the one that went before. It may have missed the precise calendar divide by a few weeks, but was infinitely more effective as an aid to memory.

I had a long-delayed appointment to set up my accounts linking me to a communications network in an anonymous tower in Crystal City, the vast pentagon annex across the Shirley Highway from the vast five-sided gray sandstone building.

Considering the mounds of ice and lakes of dirty water that remain to clog the streets and fly up in great rooster tails of salty crap, I was lucky to be early. I tried all the access badges attached to my neck lanyard with no result.

I waited in the hallway for several minutes, periodically pressing the announcement buzzer to the cipher-lock door.

Eventually another contractor appeared, and slipped a pink-colored badge through the card reader and entered a personal identification number. I have one of those badges, but no PIN.

“Is that the one to use?” I asked.

“Theoretically it is another one,” she said crisply. “But that system has been down for about a month and only the old access codes work for those that had them issued before the storm. They don’t know when it will be fixed.”

I wandered back through the cube-farm and found someone to talk to while we waited for the technician to show up and assemble the computer. Actually, three of them, linked through an A-B-C switch to a single monitor.

One, is an unclassified system, relied on a magnetic identification card and a password I was supposed to remember.

The white eraser of the storms had made that effectively go away. Or perhaps the time to first log-in had passed; two unknowable things looking at the keyboard that flashed “Unable to verify.”

I don’t know about you, but of late the requirement for “strong passwords” has become ubiquitous. There are a couple systems I am supposed to be able to access when necessary and they are not the ones that can live on the desktop at the office. They live behind cipher locks that require their own badge access and password, which with the glowering guards provide the least effective means of protection.

The people that run the information technology programs have settled on the human interface as the best means of defense against the “human factor,” which comes in two distinct variants: external and internal.

We know of late that the Chinese and the Russians have spent vast treasure in the systematic pilfering of government and business systems in the West. Lately, two major attacks were traced to the MIT-equivalent university of China (Shanghai Jiaotong University) and a PLA-linked vocational school at Lanxiang in Shandong Province.

The usual disclaimers were made, though Jiaotong has been linked in the past to the successful denial-of-service attacks on the White House website. When Mike McConnell was the Director of National Intelligence he maintained that cyber security was the number one security threat to the United States.

More could be done to screw us up royally that way than any simple kinetic attack. Banking, commercial and relatively high-level communications systems naturally are what we think about. But the lowly Supervisory Control and Data Administration Systems (SCADA) , the dumb robots that control sprinkling systems and sluice gates on mighty hydroelectric dams are increasingly linked into the architecture.

That is too much to think about, sitting in front of a flashing screen, trying with increasing desperation to think of a six-digit number created before the storm that was easily remembered but was not a birthday or social security fragment.

No matter. That will just take a morning at the Badge Office trying to unscramble, and the government will pay for my time and lack of ability to remember. It was all OK. The technician explained that he could do the other system since it did not require information from the computer access card.

The challenge came with the other more protected network. I was told to think of a 14-24 digit password that included a specified number of capital letters, numbers and at least two special characters.

I looked at the technician blankly. No “strong password” in my little brain came to mind, nor a variation on one that I might remember with any confidence. I began to write down options in school-boy hand, careful to differentiate numbers and capitals and symbols. I finally came up with one that appeared to work, but it was so complex that I had to immediately write it down as a defense against failing memory.

Where was the security in that, I wondered? Making things so complex only made me immediately do the one thing to defeat to it. Human factors, the biggest threat to security. If only people were not involved at all.

When I worked with the wizards at Bell Labs, some of the remaining wise men told me there was a time when psychologists were employed to make strings of numbers and rotary phone dials more approachable to humans. The original area codes for New York City (212) and Washington, DC, (202) are illustrative. Now, with the advent of keyboards and touch screens, the intent is deliberately reversed.

Things were about to get better, or worse.

I had wondered why I had to personally be present to watch my computer being hooked up. The technician explained that part. There was a little peripheral unit with a red light to the right of the keyboard. I was instructed to choose two fingers and, one by one, press those selected digits to the glowing light so that the machine could learn my fingerprints, and associate the evidence of my body with the card in the slot and the password I had laboriously constructed.

I was impressed. “So, if somebody knocks me over the head and steals my badge, gets the password out of my wallet and tried to use it, they still won’t get access?”

“Yep.” The tech completed his supervisory access and logged out. “You are now good-to-go, at least on that network. Now, they will have to cut your fingers off after they knock you out to get on.“

I nodded. That was a comfort.

This is hardly cutting edge technology, and there is much more sophisticated gear out there. The necessity of sorting out terrorists and illegal combatants from ordinary civilians has prompted the introduction of some really cool technology to mark several unique physical characteristics, including fingerprints, retinal patterns and even DNA.

Biometrics are taking us forward into a much more secure world.

Once I was able to log on, I saw a link to the video about the hit-team that took out Mahmoud al-Mabhouh, the Hamas leader who was of interest to the Israelis due to his involvement in the kidnapping and murder of a couple IDF soldiers twenty-one years ago. Since then he has passed his time with the import of rockets into Gaza to shoot at random into Israel.

The authorities in Dubai were able to assemble quite a video of the hit team, from airport arrival, to the operation itself at the al-Bustan Rotana Hotel, back to the airport, and farewell shots of them boarding flights for Austria.

They left no biometric evidence behind except for the security camera images, or if they did the Dubai police are not saying. It is hard to leave nothing behind. Even a cigarette butt or a tissue can provide DNA.

I don’t know if they will ever get nailed for the operation. But the way things are going with technology; it will not take decades to figure out, like Mr. al-Mabhouh.

Of course it might take me that long to figure out how to remember my passwords, and I intend to keep my fingers to myself.

If I can.

Copyright 2010 Vic Socotra
www.vicsocotra.com
Subscribe to the RSS feed!