How Much Damage Can OPM Hackers Do With a Million Fingerprints? (Nextgov)
Though the idea of hacked fingerprints conjures up troubling scenarios gleaned from Hollywood’s panoply of espionage capers, not much is currently known about those that OPM said were swiped in the data breach, which began last year and has been privately linked by officials to China. In fact, the agency said it didn’t even know yet specifically which personnel have had their prints compromised.
The linked article is really good in that it spends a great deal of analysis of the unknowns, and there are many.
While a collection of images of the fingerprints of US government employees — if that is an accurate description of that was taken — certainly has its uses, not all potential uses are equal or equally likely.
In terms of identity fraud, the 1.1 million government employees who had their fingerprints stolen may not be a whole lot worse off than the 20 million or so other government employees who had their personal information stolen minus the fingerprints, though that is cold comfort indeed to the victims. If the individuals whose information was stolen are given the precise details of the personal information that is now “out there” they will be able to make informed decisions about how they wish to manage their affairs going forward. That includes how they might interact with biometric ID management technologies in the future both in and outside of government applications.
The intelligence value of the fingerprints of government employees is different story. With time, money, and pictures of a million fingerprints, it is possible to build a fingerprint watch-list. Probably, not all of the pictures of fingerprints will be of a high enough quality to be enrolled in an automated system today but more time and more money could help. From there, the new watch-list could be accessed by a new or existing biometric ID technology deployment such as a checkpoint serving whatever purposes its owner has for it.
There is probably a lot the government still doesn’t know about what was stolen, and even more that hasn’t been shared with the public and more importantly with the individuals whose information has been compromised. It will also take some time for the stolen information to be put to use. The Office of Personnel Management has a lot of work ahead of it.
More than 1 million people are listed in U.S. terrorism database (Washington Post)
The documents obtained by The Intercept also indicated that the government, with the assistance of the CIA, is in the midst of a major effort to obtain biometric data on people in the database. The records say analysts have added 730,000 biometric files to the database; some of those files include fingerprints, iris scans and facial photographs.
As of last year, the database contained 860,000 biometric files related to 144,000 people.
There’s a lot of really interesting information at the link.
New technological choices bring challenges (C4ISR Journal)
The intelligence community is pushing to make biometrically enabled intelligence — the art of identifying people by fingerprints, digital mugshots, iris scans or DNA — a regular part of business.
But other technologies are coming online. Facial recognition algorithms could someday riffle through mugshot databases to find matches much as fingerprint algorithms do today. Iris-matching technology is another field under development. Authorities around the world are rapidly switching from fingerprints to iris scans for verifying the identities of travelers and workers, and iris databases are growing. And some biometrics experts are aiming for multimodal biometrics in which fingerprint matches would be combined with facial recognition and other measurements to determine someone’s identity with maximum confidence.
Read the whole thing.
Australia to test biometric system (UPI)
Australia’s Defense Department has received a trial proof of concept for an automated biometric information system from Northrop Grumman.
The proof of concept, modeled after the U.S. Department of Defense Automated Biometric Identification System, will be used to produce biometrically enabled intelligence.
It looks like the US Military is developing the Mother of All (Data)bases — a military intelligence MOAB, if you will.
Integrated Intelligence Framework Takes Shape (GlobalSecurity.org)
This state-of-the-art battlefield intelligence, reconnaissance and surveillance architecture will enable analysts from every service to take data from multiple military and government sensors and databases and compile them into a single, easy-to-access format, he explained.
DCGS-Army, already fielded in Afghanistan as it undergoes operational testing and evaluation, provides a glimpse into that intelligence enterprise.
“It brings together data from all the sensors,” Wells said, regardless of whether they’re based in space, on aircraft or on the ground — even biometric data collected by a soldier at a local forward operating base — and incorporates it into a single platform.
What if? Online Real-Time Searchable Sensor Data
The original MOAB is here. (You Tube)
Mission Nearly Impossible (StrategyPage)
The use of biometrics does its job very well keeping out spies, terrorists and saboteurs. The downside is that it also limits the activities of your own spies. This has led to efforts by espionage agencies to get around this “problem.” The espionage organizations will not comment on what, if any, solutions they have come up with. That is to be expected.
Meanwhile, the U.S. has developed tools that enable combat troops to use biometrics on the battlefield.
Read the whole thing.
See also: U.S. Military Departs Iraq, Takes Huge Biometric Database with It