RogueRose
International Hazard
Posts: 1585
Registered: 16-6-2014
Member Is Offline
|
|
The Science behind biometric authentication and its acceptance in the public arena
I asked a mod before posting this, because it is about biometrics for authentication, I was OK'd the topic. PLEASE keep it away from talk about
whether it is "needed or not" but focus on what is doable, functional, better ideas, etc.
Just last Tuesday I realized that we are in desperate need of some kind of identification when we utilize our constitutional rights every 2 or 4
years. I'd like to start off by saying I am NOT a fan of the government or corporations using private biometrics, especially when they are directly
linked to a person (such as a person's profile has eye scan, finger prints, etc).
But after observing the process for about 2 hours I came to the conclusion that there are holes large enough to fly a 787 Dreamliner through and being
that I worked in IT security for some time, I became very good at finding security vulnerabilities/holes and especially the ones where social
engineering comes into play (basically manipulating people who are afraid to say "no"- it is so fun to mess with these types of people by asking them
to do absurd things they would normally not do and watch them break company code and or law just because they were added.
What I found that is needed is a way to prove that a single person didn't vote more than once (in same location, state, and or elsewhere in the
country. I came up with a few ideas: thumb scan/print, iris scan, ear scan, face scan. Now out of all of these I think the thumb print and ear scan
would be the easiest (as long as they produce unique results (like 1 in a billion or higher vs 1 in 10,000 with other methods).
I was thinking that the taking a standard thumb print (R hand if available, L if the right thumb is missing/damaged). When people get a ballot at the
bottom there is the tear-off receipt - it can also include another strip that is the same size as the receipt strip. Then before scanning both pieces
are torn off and the strip where you put the thumb print is done at the table where they scan the ballot. There is no identification on the thumb
print paper - just a lone thumb print. Then the ballot is scanned and the thumbprint sheet is fed into the small slots of 1 through 4/5 (so all the
prints are random between the 4/5 feeding slots - but they are counted as they are added - just like the ballots are counted - not who was voted for-
yet).
So after voting is done, the thumbprint slips are stacked and then scanned and an algorithm produces a unique ID for each thumbprint then compares
these values for each polling place and even the state (ideally nationwide). If it finds slips with the same "unique ID" (or with VERY high
similarity like 99.5% or some specified #) then those slips will be pulled an another more in depth analysis will be done. All slips will be
digitized for storage and transfer to the FEC (Federal election committee - or whoever handles voting & fraud).
If this method were used, then it wouldn't be possible for the same person to vote at different locations (which seems to be the case in some states).
It should also be able to determine which illegals are voting and where, at least those who have been processed in the immigration system or by law
enforcement.
Since the prints can't be used to identify who anyone voted for, the MOST that can be done is show that someone voted and that is only IF your print
is on file (which I think we need that at this point, unless other suggestions are better).
I could see using thumb print as the way to "log in" when getting to the poles, instead of showing ID or telling them your name. use a digital
scanner, scan the thumb print and check it against the thumb print on file (from DMV, library card, police record, hospital birth or visit, etc).
This would also clear up a lot of issues that cause major problems in some states where requiring ID is too much to ask.
So what do you guys think about using a thumb print to verify that voters are unique and that the same person, illegal people, etc are not voting or
are voting more than once.
I highly suggest that for voter registration, people need to register at any DMV or proper location, where they submit their thumb print - which is
linked to their voter ID log, just like some states use signatures to verify people (no ID, just sign the log book).
What do you say, what do you think and do you have other suggestions as to what might be a better idea or less intrusive (I don't think this is
terribly intrusive this way).
Thanks in advance for any helpful discussion on this issue.
|
|
|
DavidJR
National Hazard
Posts: 908
Registered: 1-1-2018
Location: Scotland
Member Is Offline
Mood: Tired
|
|
People won’t like it because it’s too close to being treated like a criminal. Also, it’d make a lot more sense to use electronic fingerprint
scanners rather than using ink and paper.
|
|
|
unionised
International Hazard
Posts: 5103
Registered: 1-11-2003
Location: UK
Member Is Offline
Mood: No Mood
|
|
People put up with being fingerprinted to get into theme parks.
Remind me to get some prints from koalas 3d printed.
https://www.livescience.com/14007-koalas-human-fingerprints....
I should be able to use them to let me "vote early and vote often" as the saying goe.
Also, remind me to go to the local redneck bar (just an example- it would work either way) and lift prints from the beer glasses + 3 d print them.
I can then go + "vote" with those prints and thus invalidate their real otes (swinging the overall result away from their preference.
|
|
|
Sulaiman
International Hazard
Posts: 3558
Registered: 8-2-2015
Location: 3rd rock from the sun
Member Is Offline
|
|
For 2/3 of my life I have been literally taken at face value - here in UK.
(some things require more identification)
For the other 1/3 of my life I lived in Malaysia where adults MUST carry an i.d. card at all times.
The system is reasonably secure from external forgeries and now has biometrics (photo and fingerprint) and acts as a wallet for daily payments etc.
English cannot yet accept such a 'big brother' risk,
Malaysians cannot imagine life without an identity card.
I was involved exclusively with Government I.T. and one thing is for sure,
each citizen having a primary reference identifier makes I.T. so much simpler,
and so much more open to abuse.
Security is always relative, there is no such thing as absolute security if humans are involved.
Given enough incentive any security system can be breached.
So the game is to spend as little as possible to provide just enough security to 'feel' safe,
then spend as little more as possible to fix it.
(consider SM spam etc.)
If that helps to clarify things then you misread it 
|
|
|
DavidJR
National Hazard
Posts: 908
Registered: 1-1-2018
Location: Scotland
Member Is Offline
Mood: Tired
|
|
Quote: Originally posted by Sulaiman  |
I was involved exclusively with Government I.T. and one thing is for sure,
each citizen having a primary reference identifier makes I.T. so much simpler,
and so much more open to abuse.
|
Oh certainly, that'd make my day job a lot easier; I work on a police information system.
Our software also does fingerprint stuff using some nifty little scanners from Integrated Biometrics. I could certainly see that hardware as being useful for OP's proposed purpose. Once the developers manage to stop laughing
at the name of the FAP XX standards, that is...
Actually, on poking about the IB website I see that they apparently sold Brazil 13,000 devices for this precise purpose.
| Quote: Originally posted by RogueRose |
What I found that is needed is a way to prove that a single person didn't vote more than once (in same location, state, and or elsewhere in the
country.
[...]
If this method were used, then it wouldn't be possible for the same person to vote at different locations (which seems to be the case in some states).
|
The UK has a simpler solution to this issue: just give everyone an assigned polling place (typically the one nearest their home) and require that they
go to that one specified place to vote.
There is one exception to this: full time students who live away from 'home' are allowed to register to vote at both their university address and
their home address, which results in having the option to go to one of two polling places depending on what's convenient on the day. I am not sure
that checks are made to ensure that such a person has not voted at both locations.
| Quote: Originally posted by RogueRose |
So what do you guys think about using a thumb print to verify that voters are unique and that the same person, illegal people, etc
are not voting or are voting more than once.
|
Fingerprints do not in themselves magically tell you whether a person has a legal right to vote. So I don't see how this would help filter out
non-citizens. Surely existing voter registration processes are sufficient to check the applicant's right to vote anyway - and if they aren't
sufficient, then this proposal won't do anything to help.
| Quote: Originally posted by RogueRose |
I was thinking that the taking a standard thumb print (R hand if available, L if the right thumb is missing/damaged). When people get a ballot at the
bottom there is the tear-off receipt - it can also include another strip that is the same size as the receipt strip. Then before scanning both pieces
are torn off and the strip where you put the thumb print is done at the table where they scan the ballot. There is no identification on the thumb
print paper - just a lone thumb print. Then the ballot is scanned and the thumbprint sheet is fed into the small slots of 1 through 4/5 (so all the
prints are random between the 4/5 feeding slots - but they are counted as they are added - just like the ballots are counted - not who was voted for-
yet).
So after voting is done, the thumbprint slips are stacked and then scanned and an algorithm produces a unique ID for each thumbprint then compares
these values for each polling place and even the state (ideally nationwide). If it finds slips with the same "unique ID" (or with VERY high
similarity like 99.5% or some specified #) then those slips will be pulled an another more in depth analysis will be done. All slips will be
digitized for storage and transfer to the FEC (Federal election committee - or whoever handles voting & fraud).
|
If the verification of the fingerprints is done at count-time in the way you propose, then arguably this has very limited usefulness given that there
is then no way to actually correct the result - assuming the fingerprint stubs are not linked to ballots. It would be much better to have real-time
electronic checks of the fingerprints when the voters arrive at the polling place.
If you could accept having a unique ID linking the fingerprint to the ballot then count-time verification of fingerprints would not be an issue. In
the UK, contrary to popular belief, it actually is possible to trace a ballot back to the voter. I know the following info because I have worked as an
enumerator in the counting process in previous elections/referenda:
On the reverse of each ballot is what is referred to as a UIM (unique identifying mark). The exact form of this is not specified by law but typically
is a barcode. Ballots are supplied to polling places in books and are torn out by poll clerks, leaving behind a ballot stub in the book. This stub
also contains a copy of the UIM. When a voter arrives they are asked to provide their name and address. The poll clerks (two together) check their
register of voters and score a single line through the voter's name. The ballot is issued, and the UIM from the stub is written onto the register.
There are procedural controls in place which are intended to ensure that no single person has access to both the register with UIM -> person link,
and to the cast ballots. They are kept and transported separately. Additionally during counting, enumerators are required by law, to the extent
practically possible, to keep ballots face up in order to hide the UIM on the reverse from observers. However, should a discrepancy arise during the
counting process, this documentation of UIMs and associated voters is invaluable in investigating.
In the UK we do not use electronic voting systems, neither DRE (direct-recording electronic) nor optical-scan systems. These both have a stack of
issues in their own right but I won't go in to that now because we'd be here all week.
| Quote: Originally posted by RogueRose |
I was thinking that the taking a standard thumb print (R hand if available, L if the right thumb is missing/damaged).
|
What if you have had all four limbs amputated?
Also, how would proxy votes be handled in this system? One person can legitimately cast two ballots if one of them happens to be a proxy ballot on
behalf of another voter.
| Quote: Originally posted by RogueRose |
When people get a ballot at the bottom there is the tear-off receipt - it can also include another strip that is the same size as the receipt strip.
Then before scanning both pieces are torn off and the strip where you put the thumb print is done at the table where they scan the ballot. There is
no identification on the thumb print paper - just a lone thumb print. Then the ballot is scanned and the thumbprint sheet is fed into the small slots
of 1 through 4/5 (so all the prints are random between the 4/5 feeding slots - but they are counted as they are added - just like the ballots are
counted - not who was voted for- yet).
|
In the UK ballot boxes do not result in a neat stack of papers but instead a jumbled mess. Also, poll clerks are supposed to tell voters to fold their
ballot once exactly yet people still feel the need to fold it 27 million times into a tiny brick which just wastes time for the people counting...
| Quote: Originally posted by RogueRose |
Since the prints can't be used to identify who anyone voted for, the MOST that can be done is show that someone voted and that is only IF your print
is on file (which I think we need that at this point, unless other suggestions are better).
I could see using thumb print as the way to "log in" when getting to the polls, instead of showing ID or telling them your name. use a digital
scanner, scan the thumb print and check it against the thumb print on file (from DMV, library card, police record, hospital birth or visit, etc).
This would also clear up a lot of issues that cause major problems in some states where requiring ID is too much to ask.
|
It'd arguably be better than requiring ID as more people have fingers than have ID documents. However having a database of the entire population's
fingerprints opens serious privacy and ethical problems, which are beyond the scope of this thread.
[Edited on 12-11-2018 by DavidJR]
[Edited on 12-11-2018 by DavidJR]
|
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
