The Register » Security » Identity »

Original URL: http://www.theregister.co.uk/2005/06/16/secfocus_prints/

Your fingerprints are everywhere
By Scott Granneman, SecurityFocus (scott at granneman.com)
Published Thursday 16th June 2005 09:37 GMT
Comment How much do you trust your government? That’s a question that all of us have to ask, perhaps the more often the better. In 1787, Thomas Jefferson, one of the founders of the United States and its third President, wrote to Abigail Adams sentences that may seem incredible to many people today:

“The spirit of resistance to government is so valuable on certain occasions, that I wish it to be always kept alive. It will often be exercised when wrong, but better so than not to be exercised at all. I like a little rebellion now and then. It is like a storm in the atmosphere.”

One way to define a government is by whom it controls; in other words, governments serve to provide necessary services to their citizens, like roads and armies, but governments can also legally restrict your physical movements, your property, and your rights. That’s why someone can sue you in civil court for money, but losing a civil suit cannot lead to your imprisonment or the loss of your civil rights. If you have the misfortune of being tried in criminal court, however, the state is your opponent, not an individual, and losing that trial can result in the loss of your freedoms of movement, property ownership, and civil rights.

There are many actions taken in the name of security by governments – local, state, and national, and their agencies and representatives – that are rightfully troubling to those of us who think about security. An item was recently in the news (and believe me, it’s but one of gazillions and I could fill a book with examples like this) that left me shaking my head and wondering just how much the people who think they’re protecting us really understand about computer security.

The Naperville Public Library in Naperville, Illinois (the board of which is appointed by the Mayor and approved by the City Council) is now going to ask patrons to submit fingerprints in order to verify the identities of patrons wishing to use the Internet terminals. Currently, parents can ask the library to filter the Internet access of their kids; according to the library, “filtered” kids are swapping library cards with kids whose parents have not asked for filters, so the little shavers are able to use the network without restrictions.

(Other examples of governmental and non-governmental organizations asking for your fingerprints today: the Statue of Liberty, Disneyland, the US Border Patrol, plus even some tanning salons, and gyms.) . The Library claims that “[i]t is only the number, not the image of the fingerprint, that is stored in the system.” On the face of it, it would be foolish for the library to lie about this, and it’s true that many, if not most, fingerprint biometric systems work this way. But they don’t have to. Couple that with the Library’s rather disingenuous assurance that “… this information is borrower registration information and can only be revealed if required by court order.” Under the terms of the USA PATRIOT Act, however, the FBI and other government agencies can ask libraries to reveal information about patrons at any time, without a warrant, and the libraries cannot reveal this snooping to their patrons.

Putting aside the fact that it’s really easy to fool fingerprint biometric schemes, Naperville’s actions brings up some big questions: How much should you know about the public library? Do you know who runs the library? Do you trust them? Will the library really only keep a hashed number of your fingerprint and not your fingerprint itself? What is to prevent the FBI and other law enforcement organizations from getting that information by using the PATRIOT Act? What about when other governmental services, agencies, and organizations will soon start asking for fingerprints?

It gets worse. Future passports are going to use biometrics and may have RFID chips embedded in them (thus broadcasting American’s identities to anyone with a powerful enough RFID scanner). Do you use encryption software on your computer to keep it secure? A Minnesota appeals court has recently ruled that encryption software may be used as evidence of criminal intent (putting aside the fact that every computer out there has encryption software of some kind on it). It seems a regular occurrance that cops hassle photographers based on unconstitutional and, even worse, non-existent bans on photography in public places. A 57-year-old grandma and middle school principal forgets about the sandwich knife she put in her carry-on luggage; a TSA employee informs her upon finding it that she is now “considered a terrorist” and that “you don’t have any” constitutional rights.

And on and on.

This is approaching madness. Money is mis-spent, impossible promises are made, laws and decisions are rushed into being without thinking through the consequences, and freedoms and liberties are constricted, all in the name of security and safety. And the worst thing of all is that most people – John and Jane Q. Citizen – have no idea at all that their government agencies are wasting time, money, and valuable manpower in largely futile efforts. Citizens are told by their governments that they are safer, but in far too many ways they are really not.

What can people who know something about security do about this? It seems overwhelming and impossible; ignorance is a powerful force, especially when wielded by a government. Couple that with the natural tendency of too many people to believe those in authority – unthinkingly! – and we’ve got real trouble.

Let’s start small: talk to your family, your friends, your acquaintances. Educate the folks with whom you work. When something in the news provides you with what educators term a “teachable moment,” take advantage of that to help people understand the proper use, and more importantly, mis-use of technology for security.

Then move outward. We can write letters to the mass media. We can try to get interviewed by our local radio and TV stations. We can talk to everyone we know. We can contact our representatives, at all levels of government, and try to help them understand the difference between real security and a false, wasteful sense of false safety. I’m not saying it’s going to be easy. It’s not. Ignorance and fear have a way of constantly subverting knowledge and bravery. But that doesn’t mean we can’t rebel against them – and in this case, a little rebellion isn’t just a good idea. It’s a requirement.

What are you going to do to make sure that your government really protects you, your family, those you love and care about, and your nation?

Copyright © 2005, (http://www.securityfocus.com/)

Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.
© Copyright 2005

UK’s first property exchange

Shares scheme launched for homes
This is Money (C)
14 June 2005
THE UK’s first property exchange was launched today enabling investors to buy and sell shares in individual houses.

The property will then be rented out by a letting company and investors will split the rental income, minus fees, according to the proportion of the property they own.

When people want to end their investment they simply re-sell their shares through the exchange, at a higher price than they bought them for if the property is considered to have risen in value.

There are currently 18 properties available through the exchange and the group expects the number to increase substantially in the coming months.

The exchange currently only offers residential properties in the UK, but it hopes to expand to include commercial property and overseas residential property in future.

Chief executive Stephen Kenny, who helped set up betting exchange Betfair, said: ‘The benefits of investing in the buy to let market have been well documented over recent years and yet this is an asset class that remains inaccessible to most.

‘Opromark opens up the buy-to-let market to a broader range of investors, including those struggling to get on the housing ladder, by making the minimum investment £1 and ensuring that investors can diversify their investment cost effectively across a range of residential properties.’

When a property is first introduced to the exchange people can view its details, including an independent survey, valuation and searches, and analyse the performance of comparable properties to decide whether they want to invest in it.

Investment in individual properties is restricted to 10% of the available shares. If someone exceeds this level they have to make an offer for all the remaining shares in the property.

Stamp duty will have to be paid on any properties bought through the exchange, but the group said it was currently trying to limit properties to ones which fell below the £120,000 threshold above which the tax is paid.

Membership of the exchange is free, but Opromark charges people a trading fee depending on the size of their investment, ranging from 3% for investments of up to £3,000 to 0.5% for ones over £250,000.

The exchange can be accessed at www.opromark.com

http://www.thisismoney.co.uk/mortgages/buy-to-let/article.html?in_article_id=401358&in_page_id=56&ito=1452

Is Rodi BitTorrent’s Replacement?

Rodi or Rodia (Ρόδι or Ροδιά) means pomegranate in Greek. The Rodi program is a tiny P2P client/host (under 300K of binary code) implemented in pure Java. It’s network use is similar to the bitTorrent concept. The program will serve the filesharing community with fast data delivery and serve the Open Source community by facilitating faster software deployment.

/.

Other anonymous filesharing systems currently avaliable/in development

MUTE [sourceforge.net]
ANTS p2p [sourceforge.net]
GNUNet [gnunet.org]
I2P [i2p.net]

Rodi in depth
p2pnet.net