The electronic 'me' : Comments

By Kevin Cox, published 4/12/2007

Instead of governments controlling our identity in their databases we should control electronic data about ourselves.

Can you help me understand what prevents someone pinching my electronic "me"?

At some point there has to be a link to the physical me, presumably by use of some biometric data. How can this be secured other than by my actual physical presence, and how can it be verified that this is indeed my physical presence unless there is some verified electronic version of my biometric data, and hence pinchable?

There are a lot of other things I would like to ask, for example, if there are more transactions in an identity-free context, does it imply that these are better? Surely many of the most meaningful transactions are between true identities. We could all be impersonal monads, but would living in a completely virtual world be as much fun or so deeply satisfying?

Sorry if my questions reveal that I have not grasped the gist of your presentation, but I thought your article was stimulating enough to deserve at least one response.
Posted by Fencepost, Thursday, 6 December 2007 1:16:26 PM
FencePost,

Any system can be abused and people will find ways of pretending to be you but it will be difficult and it is almost certain that you will detect it. Our system uses a voice print as the biometric but we will extend it to include face, fingerprint, etc IF you want to use something else more convenient. Remember you identify yourself to your electronic presence and it deals with the rest of the electronic world. You do not identify yourself to your bank with your voice. You identify yourself to your electronic you then it communicates with the bank.

Every time you wish to register a relationship with an organisation you use your voice print to tell your electronic presence that it is you. The device on which the utterance was made, the phrase that was spoken and the unique characteristics of your voice to make the relationship are all checked. Every time you create a relationship you are told via another communication channel that the relationship has been created. Hence someone to "steal your identity" will have to get your voice, your utterance, your phone and intercept the letter or phone call or email sent to you. Possible but difficult and if they do you will be able to undo any transactions they make in your name when you show it was not you.

In the future you may have many linked independent electronic presences and each one can watch the others to detect attempts to steal your identity.

Interactions in online games are very personal and many find them humanly satisfying. They are not the same as a physical interaction but people like them. Have a go yourself as it is impossible to describe. A common experience is for people to have good online relationships that wane as soon as they meet physically.
Posted by Fickle Pickle, Friday, 7 December 2007 2:04:22 AM
Kevin Cox wrote: "It is to the advantage of an individual to have all connections in the one place and connected biometrically to themselves as it makes it very, very difficult for someone else to steal their identity. The only way for an electronic identity to be stolen is to physically kidnap or take control of the person."

I'm afraid I have a more sober view of biometrics, a technology that for the most part is commercially immature. It is simply NOT very very difficult to steal a biometric identity. Independent research has shown that the majority of fingerprint scanners can be fooled by replica fingers molded from candy gelatin*. Low cost iris scanners and facial recognition systems are laughably easy to spoof; see www.heise.de/ct/english/02/11/114.

[* see "Impact of Artificial Gummy Fingers on Fingerprint Systems", T. Matsumoto et al, Proceedings of SPIE, 4677, Optical Security and Counterfeit Deterrence Techniques IV, 2002]

Most tellingly, the published False Accept Rates of commercial products hover around 2 or 3%. This would mean that on a random basis, 2 or 3 in a hundred imposters would be successful in an attack. This figure is startlingly high in light of claims made by vendors that biometrics represent 'unique' markers, or that "the only way for an electronic identity to be stolen is to kidnap the person". If the random hit rate is 2 or 3% then we should be very worried that a concerted targeted attack on a biometric could deliver much greater returns to the criminal.

Cheers,

Stephen Wilson
(information security professional)
Posted by Stephen Wilson, Thursday, 20 December 2007 11:25:06 AM
Stephen,

You are quite right. It is easy to steal a biometric so we must build our systems to anticipate this.

It is difficult to "break" all the connections of an electronic identity. For example, with a voice biometric we use the voice, the phone on which it was uttered and a "secret phrase" to identify someone. If there is doubt we go to a human operator. This makes it hard to steal. If your voice is stolen and your phone and they know your secret phrase then they will also have to steal all the other ways of contacting you for it to become hidden from you. More importantly it will become relatively easy for you to reclaim any losses as a victim of crime. Because of the difficulty of committing the crime and the difficulty of getting away with it then criminals will tend to go to easier pickings.

Take a look at the alternatives. The point is to make advances that make a new system better than what it replaces and an electronic identity that you control is superior to the existing alternative where others want to "look after" my identity. (The most interesting part of the whole exercise is what happens when we have reliable electronic identities. Almost all online systems now become much much simpler and more secure)
Posted by Fickle Pickle, Thursday, 20 December 2007 12:31:04 PM
Fickle Pickle wrote: "we use the voice [biometric], the phone on which it was uttered and a 'secret phrase' to identify someone. If there is doubt we go to a human operator".

But the fall back mode to a human is determined by a machine, and that machine is fallible. If the False Match Rate is say 1% then 1 in a 100 random imposters will not be double checked by a human. And for a concerted attack by people who know the foibles of a given biometric system, the success rate will be likely much higher than that.

This reminds me of the Smartgate Trials (face recognition at airports) where they proudly reported the number of imposters who had been picked up by the system over several months of live operation. And they also reported that the number of innocent people inconvenienced by a false alarm was acceptably low. But they don't know empirically how many people *should* have been detected but weren't.

Cheers,

Stephen Wilson
(information security professional)
Posted by Stephen Wilson, Saturday, 22 December 2007 3:56:48 PM
Stephen, if the error rate on the biometric is 1% and the likelihood of the phone being stolen and used for fraud is 1 in 1000 and the likelihood that the thief knows the pass phrase is also 1 in 1000 then the chance of an imposter succeeding is 1 in 100,000,000. (OK I know they are not independent but you get the idea)

You have to remember that most transactions are trivial and are not national security. The system is much much more secure than written signatures and they work quite well. Security systems for most of our online transactions do not have to be perfect for them to be effective - particularly when we build systems that are very likely to detect anyone who gets through the system.

I am not claiming that the biometrics are foolproof. A reason why biometrics are useful is that when a fraud is detected there is a physical link to the real person that may be used in evidence against the person if they can be physically detained whereas a password on its own is unlikely to hold up in a court of law.
Posted by Fickle Pickle, Saturday, 22 December 2007 6:24:59 PM
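
The multiplication in the comment above treats the three checks as independent, which the poster notes they are not. As an added example (not part of the thread; the targeted-attacker share and that class's per-factor rates are constructed assumptions), this Python keeps the thread's per-factor marginals of 1%, 1 in 1000 and 1 in 1000 but lets a small share of attempts come from a targeted attacker, then compares the resulting combined acceptance rate with the naive product:

```python
from math import prod

# Per-factor marginal acceptance rates quoted in the thread.
MARGINALS = {"voice": 0.01, "phone": 0.001, "phrase": 0.001}

# Constructed assumptions, not figures from the thread: 1 attempt in 10,000
# is a targeted attacker who defeats each factor half of the time.
ASSUMED_TARGETED_SHARE = 1e-4
ASSUMED_TARGETED_RATES = {"voice": 0.5, "phone": 0.5, "phrase": 0.5}


def naive_product(marginals=MARGINALS):
    """Combined acceptance rate if the factors were fully independent."""
    return prod(marginals.values())


def random_class_rates(share, targeted, marginals=MARGINALS):
    """Per-factor rates for the non-targeted attempts, solved so that the
    share-weighted mix of both classes reproduces each marginal exactly."""
    rates = {}
    for factor, m in marginals.items():
        r = (m - share * targeted[factor]) / (1.0 - share)
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"{factor}: targeted class alone exceeds marginal")
        rates[factor] = r
    return rates


def combined_rate(share, targeted, marginals=MARGINALS):
    """Law of total probability over the two attacker classes. Factors are
    independent within a class but correlated across the whole population,
    because one attacker tends to defeat all of them together."""
    rnd = random_class_rates(share, targeted, marginals)
    return share * prod(targeted.values()) + (1.0 - share) * prod(rnd.values())


def underestimate_factor(share=ASSUMED_TARGETED_SHARE,
                         targeted=ASSUMED_TARGETED_RATES):
    """How many times larger the mixed-population rate is than the product."""
    return combined_rate(share, targeted) / naive_product()


if __name__ == "__main__":
    print(f"naive product : {naive_product():.3e}")
    print(f"with targeting: "
          f"{combined_rate(ASSUMED_TARGETED_SHARE, ASSUMED_TARGETED_RATES):.3e}")
    print(f"underestimate : {underestimate_factor():.0f}x")
```

With these assumed inputs every per-factor statistic still reads 1%, 1 in 1000 and 1 in 1000, yet the combined rate is roughly three orders of magnitude above 1 in 100,000,000.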