Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Wrinkle For Biometric Systems: Irises Change Over Time

timothy posted more than 2 years ago | from the love-the-way-your-eyes-formerly-sparkled dept.

Security 59

scibri writes "The iris scanners that are used to police immigration in some countries, like the UK, are based on the premise that your irises don't change over your lifetime. But it seems that assumption is wrong. Researchers from the University of Notre Dame have found that irises do indeed change over time, enough so that the failure rate jumps by 153% over three years. While that means a rise from just 1 in 2 million to 2.5 in two million, imagine how that will affect a system like India's — which already has 200 million people enrolled — over 10 years."

cancel ×

59 comments

Sorry! There are no comments related to the filter you selected.

First post (-1)

Anonymous Coward | more than 2 years ago | (#40118789)

Firsties for the win

The Gap (0)

Anonymous Coward | more than 2 years ago | (#40118837)

So then how is The Gap in the future going to remember my preference for assorted tank tops?

uh.... (2)

retchdog (1319261) | more than 2 years ago | (#40118843)

if you were fucking over 0.0000005 of your population already to no significant protest, why would anyone care if you are now fucking over 0.00000125 of your population?

any statistical system should serve only as a first alert; and any positive found thereby should be carefully evaluated by more thorough and human measures.

Re:uh.... (2)

Mannfred (2543170) | more than 2 years ago | (#40118877)

FTFA:

“So although you might not really notice the problem after one year or two years, after five or ten years it can become a huge problem,” he explains.

This area definitively warrants further research - if nothing else, it could mean that Iris scans will have to be re-done every 5-10 years (a bit like passport renewals). Depending on the specifics of the cumulative degradation (i.e. how exponential the effect is), you could be looking at a 2,000,000% failure rate increase in 11 years.

Re:uh.... (4, Interesting)

Mashiki (184564) | more than 2 years ago | (#40119099)

I think they could have a much larger problem. Since a diabetics eyes can change drastically in a 2-3 month period, and depending on who's data you're using. You're looking at anywhere between 3% and as high as 25% of the average population having a problem with this system.

Re:uh.... (4, Interesting)

kitezh (1442937) | more than 2 years ago | (#40119489)

Or with contact lenses. I found this out myself after wearing contacts for a couple of years. After wearing them longer each day than I should have, my eyes began growing extra blood vessels to bring oxygen to the cornea where it was covered by the lens. It most definitely changed the pattern in my irises.

Re:uh.... (2)

BlueStrat (756137) | more than 2 years ago | (#40120247)

I think they could have a much larger problem. Since a diabetics eyes can change drastically in a 2-3 month period, and depending on who's data you're using. You're looking at anywhere between 3% and as high as 25% of the average population having a problem with this system.

Pish!

Easy to solve for a government drone. Just make it illegal/against regulations to change your irises. No more high error rates or re-testing/registering, and a significant rise in arrest/detention stats!

A win-win for security theater!

Strat

Re:uh.... (0)

Anonymous Coward | more than 2 years ago | (#40120475)

Let's all get diabetes to maintain our privacy!

Re:uh.... (1)

mapfortu (2567463) | more than 2 years ago | (#40121651)

Unpopular information here:

Your DNA profile will change over time, too.

DNA matching (paternity, evidence) is mostly a practice of choosing calibration markers and experimental conditions which produce reliable results. The instrumental concept is line width and line resolution. With so many data points there needs to be a reliable set of known markers around which to calibrate the remainder. A sufficiently established calibration set, however, nearly ensures that the variance in the surrounding data is less identifying and more statistical noise.

The wikipedia article for optical resolution [wikipedia.org] conceptually applies to biometrics; including DNA profiles.

Re:uh.... (3, Insightful)

interkin3tic (1469267) | more than 2 years ago | (#40118943)

I object to the notion that pointless identification by the state like iris prints for immigration only fucks over a tiny percentage of the population. The loss of privacy is a bigger concern for me, and I've never had iris scans, to my knowledge.

Re:uh.... (1)

retchdog (1319261) | more than 2 years ago | (#40125243)

okay, but that is a problem regardless of whether the system works, right? if anything, it's more of a problem if the system works.

Re:uh.... (0)

Anonymous Coward | more than 2 years ago | (#40119395)

This sounds like a guarantee for long term contracts by some lucky Indian IT shops, sort of like medical metrology contractors needed to keep USA TSA terrahertz body scanners properly calibrated ... OR NOT!

In my conspiracy_theory addled brain, the idea occurred that these "iris digital identity" failures might provide the perfect opportunity for some lucky government contractor to embed RFID chips in 1.3 billion people. First India, then the entire British Commonwealth, and then the World -- any libertarian's worse nightmare, and every kleptocratic authoritarian globalist's "wet_dream".

Re:uh.... (0)

Anonymous Coward | more than 2 years ago | (#40119975)

Actually , the India bit is a perfect example of why bureaucrazy and democrazy are horribly flawed systems unless of course you actually want to take an entire nation over the falls in a barrel.

Re:uh.... (1)

GLMDesigns (2044134) | more than 2 years ago | (#40120065)

Yes. Except people didn't think of this as simply a statistical system. It is thought of as a unique identifier.

Re:uh.... (1)

jc42 (318812) | more than 2 years ago | (#40120515)

Except people didn't think of this as simply a statistical system. It is thought of as a unique identifier.

"Hey, we can build equipment to compare photos of people's irises. We can tell everyone that this is reliable and irises never change. They'll believe us, because who would both with a literature search to see if any research has been done or that it's true. It has worked for over a century with fingerprints, even though the textbooks contain lists of all the known problems they have, plus examples of fingerprints that aren't at all unique. So they'll accept the same uniqueness claims for iris patterns. We can make a pile of money off this."

Re:uh.... (0)

Anonymous Coward | more than 2 years ago | (#40120413)

It really depends on the context, in India it is kind of different. There are a lot of people unable to take advantage of welfare due to them literally not existing. A few previous attempts have been implemented but offset with corruption. Remember there is no National Insurance or Social Security at present.

Being able to get healthcare or welfare isn't being fucked over, much as you might have been led to believe these are all bad things.

Re:uh.... (1)

gd2shoe (747932) | more than 2 years ago | (#40126761)

People who literally don't exist shouldn't be getting welfare. When they do, it's called fraud.

I literally believe you don't know what "literally" means.

So update the scan with renewal (1)

BagOBones (574735) | more than 2 years ago | (#40118869)

You already have to update passport and drivers license photos ever few years why would it be difficult to update the iris scan to increase accuracy?

Re:So update the scan with renewal (2)

the_raptor (652941) | more than 2 years ago | (#40118947)

For the simple reason that many people might find that sort of thing stinks of Big Brother. People are used to official photographs now but generally find other forms of identification such as fingerprinting to be too associated with law enforcement to be acceptable. The appeal of Iris scans would be to do them when children are born and can't protest, meanwhile the parents are probably too overjoyed and tired to protest either.

Also I suspect the authorities don't like biometrics which change because they like to push through cases on forensic identification and so don't like the public thinking about the false positive rate.

Re:So update the scan with renewal (3, Insightful)

markdavis (642305) | more than 2 years ago | (#40119773)

And yet iris and retena scans are FAR more privacy friendly than fingerprints or DNA.

We don't go around leaving our eye prints all over the place. And it is far more difficult to obtain them clandestinely.

Re:So update the scan with renewal (0)

misexistentialist (1537887) | more than 2 years ago | (#40121209)

Eventually standard surveillance cameras will be able to capture retina images. Being able to precisely locate you at any time and implicate you without appeal is "privacy friendly"? The database is the enemy of privacy.

Re:So update the scan with renewal (1)

markdavis (642305) | more than 2 years ago | (#40125249)

Sorry, that is not going to happen. Physics won't let it. You might be able to get a partial *iris* scan from a distance, but not a retinal scan.

Re:So update the scan with renewal (0)

Anonymous Coward | more than 2 years ago | (#40133773)

Retinas can change a lot over time with diseases such as AMD (not the chip maker.) 10% of the over-65 population, and 33% of the over 75 population. Retinas aren't going to be useful for biometrics any time soon.

Re:So update the scan with renewal (1)

markdavis (642305) | more than 2 years ago | (#40134299)

I am going to guess that just about everything in the human body changes over time.... even DNA (slightly).

Re:So update the scan with renewal (1)

Anonymous Coward | more than 2 years ago | (#40120523)

Fingerprints themselves are horribly flawed even though they're accepted as a means of identification. Theoretically they're pretty good, but in practice they're somewhat less good as you're not typically dealing with a small number of features being matched out of the entire print. What's more because there's a finite area and a minimum size of the features there will be duplicates from time to time.

Re:So update the scan with renewal (1)

arose (644256) | more than 2 years ago | (#40120617)

Just like cryptographic hashes are bound to have collisions without necessarily diminishing their usefulness, duplicate fingerprint detection is unlikely to cause misidentification if fingerprints are used in an appropriate context.

Re:So update the scan with renewal (0)

Anonymous Coward | more than 2 years ago | (#40121211)

Accepted for what purpose? To establish with some likelihood that a certain person left their fingerprints at the site of a crime is quite the different proposition than having some machine take a good look at your fingers before deciding to let you have your money or to let you inside some building, maybe your own home. The process and attention to matching is quite different, as are the repercussions and ways of redress in case of error.

That acceptance for criminal scene matching is itself overrated also. We assume a fingerprint match is pretty good after looking at it closely indeed, but we lack the systematic body of evidence that scientific rigour would demand. As such, this is only so-so in the science-y. Same, amazingly, with DNA matching, where various "laboratories" use different matching methodologies and often can't even explain what they're using, nevermind the differences, pros and cons, of each methodology. As a result judges and juries remain entirely uninformed of the consequences of the methodology choices, and so they don't really have the background to understand what the evidence really means.

Thus even criminal identification rests largely on assumptions, and poor ones at that. In the casual identification case, a mis-reading instantly brands you as an evildoing impostor of yourself, and that with very poorly defined redress.

Re:So update the scan with renewal (1)

gl4ss (559668) | more than 2 years ago | (#40119483)

how do you force the guy in somalia to renew before he tries to immigrate again?

Re:So update the scan with renewal (0)

Anonymous Coward | more than 2 years ago | (#40120499)

Huh? If he is in Somalia and is trying to migrate AGAIN, then:
1) you already have his scans and prints
2) you caught him and deported him.

Not a problem.

Iridology (-1)

Anonymous Coward | more than 2 years ago | (#40118891)

so Iridology has a real basis
http://en.wikipedia.org/wiki/Iridology [wikipedia.org]

Re:Iridology (2)

maxwell demon (590494) | more than 2 years ago | (#40119363)

Non sequitur. Just because the iris changes doesn't say it tells you something about your health status. The planets indeed move, does that validate astrology?

Re:Iridology (1)

quixote9 (999874) | more than 2 years ago | (#40122131)

What iridology does tell you is that people noticed changes in irises decades ago. And they do change a lot and quite quickly in a noticeable number of people with medical conditions, eye irritation, trauma, etc., etc. The researchers at Notre Dame needed to walk across the quad and get some feedback from ophthalmologists before they published.

Error margin still well within limits (3, Insightful)

Opportunist (166417) | more than 2 years ago | (#40118917)

One in a million instead of one in two millions. I guess it would still not overload the average office clerk to double check that many people. Yes, it would be a nuisance, but a minor one.

Don't get me wrong, I'm not really a fan of biometrics, but I guess we'd have to come up with a better reason than one of statistical insignificance. Likewise you could say inoculations are bad because one in a million develops a rash so let's toss it altogether.

The only thing that I can take from this is that officials should be informed that a negative on a biometric scan is NOT necessarily a proof that the person is not who he claims to be.

Error is not 1 in a million (4, Interesting)

Anonymous Coward | more than 2 years ago | (#40119495)

The tolerance is already set so loose that it only fails to approve the person 1 in 1 million times. It isn't the error rate, it's a reflection of the *wide* error tolerances set.

They did the same trick with the facial scanners, they rejected too many people when trialed at UK airports, so they 'recalibrated' them until they rejected only an acceptable number of people. Where 'recalibrate' is really just increasing the error margin till the reject rate is low enough that the last labour government can justify the purchase price.

Here they've set the iris scanner to only reject 1 in a million, and now it has to be set 3 times looser to reject 1/3rd of 1 in a million in order to keep the reject rate low enough so that it will still be that low after 3 years.

Oh, and one little side effect of these biometrics is that now have to get our passports updated every 5 years instead of 10, making any cost saving at the expense of the passport holder.

Re:Error margin still well within limits (2)

berzerke (319205) | more than 2 years ago | (#40120629)

One in a million instead of one in two millions. I guess it would still not overload the average office clerk to double check that many people. Yes, it would be a nuisance, but a minor one...officials should be informed that a negative on a biometric scan is NOT necessarily a proof that the person is not who he claims to be.

Unfortunately, the number of times this will happen legitimately is still low enough when it it happens, the person who's iris has changed will automatically be assumed to be a scammer or criminal. If it happens fairly regularly, as some have suggested, then negative scans are just going to be assumed to be false negative, and there will be some simple procedure to "fix" it that criminals can exploit.

Ever heard of a database? (2)

_Shorty-dammit (555739) | more than 2 years ago | (#40118949)

Why not simply use a database to store the scan, and to compare the current scan, and replace with the current scan if it is considered a match? Then the issue is gone. Replaced by other IT issues, I suppose. But still...

Re:Ever heard of a database? (0)

Anonymous Coward | more than 2 years ago | (#40120533)

Then you need to write to the database with EVERY transaction. I believe that most databases of this nature are stored in a central location and diffs are sent out to the points of use every 24 hours or so, which only support reads.

Re:Ever heard of a database? (1)

TheLink (130905) | more than 2 years ago | (#40121259)

Which remote scanners do you trust to cause your database to be updated?

Get an animation program to create all the necessary in-between frames between your target victim and your target final fake iris (which should not be the same as the one in your eye unless you want to get caught easily).

Re:Ever heard of a database? (1)

_Shorty-dammit (555739) | more than 2 years ago | (#40121905)

If it matches me, it's me, no? So, all of them?

Re:Ever heard of a database? (1)

TheLink (130905) | more than 2 years ago | (#40121989)

If it matches your iris it does not mean it's you, unless there is a well trained guard standing there making sure you're not doing strange things...

So all of them means you need to secure all of the scanners to prevent your database from getting falsified data.

No problem (1)

subreality (157447) | more than 2 years ago | (#40118995)

Just make sure you stop at all the checkpoints frequently enough that we can keep our records up to date.

Re:No problem (1)

JustOK (667959) | more than 2 years ago | (#40119431)

they wouldn't let me through the checkpoint at the checkpoint

Adaptive (2)

jamesh (87723) | more than 2 years ago | (#40119005)

Unless you are going 6 months without being scanned, and assuming these changes are fairly linearly progressive and not abrupt, it wouldn't be hard to just update the database with the changes based on an allowed variation over time if multiple scanners are registering a change.

If there is anything wrong with biometric scanning it isn't this.

There you go again. (1)

Anonymous Coward | more than 2 years ago | (#40119383)

The usual assumption is that "biometrics" do not change and that they will accurately and precisely uniquely identify an individual for as long as s/he lives, and beyond. Think about that for a minute. Then consider that this assumption is only now starting to be challenged with those who assumed they could rely on it, while lots of governments the world over are busily taking biometrics from anyone with suitable biometrics to take. The US and its border "controls" are a good example, but so are, well, India, China, all of the EU, and so on. Crank up that brain, o smart slashdot reader. This assumption is false, as has been readily demonstrated, for just about every conceivable biometric. Yet it is an assumption that is still being made.

And then you add a comment here full of assumptions. Check them at the door, please. What's wrong with biometrics is that there are false assumptions at every level. Your comment here is a good example. Explaining why left as an exercise.

Re:Assumption hopping (0)

Anonymous Coward | more than 2 years ago | (#40121491)

"... assuming linear progression(?)" Why the fuck would you do that? It's like depending on genetic mutation to advance the evolution of your species; it's s l o w and a h a p h a z a r d method of improvement. But if your customers don't think about it, at least it keeps you in the game and billing.

TFA reads: "But Bowyerâ(TM)s view is that it comes down to an incorrect and optimistic assumption made at the outset of iris biometrics."

Do you also *assume* that there's job security in kludge hopping?

India (-1)

Anonymous Coward | more than 2 years ago | (#40119019)

imagine how that will affect a system like India's — which already has 200 million people enrolled — over 10 years

I imagine they'll just throw in jail the persons with the changed irises. It's not like they care that much about people in the first place.

Re:India (0)

Anonymous Coward | more than 2 years ago | (#40119065)

India, not Indiana. Easy mistake to make.

Iris scanning is NOT used to police immigration (3, Informative)

nogginthenog (582552) | more than 2 years ago | (#40119079)

Iris scanning is NOT used to police immigration in the UK. It was a failed experiment and people are no longer able to register their eyes. Any idiot passing through immigration at Heathrow or Gatwick could see it was taking the biometric people longer, even though there was no queue.

Re:Iris scanning is NOT used to police immigration (1)

Anonymous Coward | more than 2 years ago | (#40120281)

True, but it still took less time than the hour I spent in the queue at Gatwick yesterday or the TWO FUCKING HOURS in a queue at Heathrow last month. Efficiency is not something the British do, at all.

As a legal tax-paying (highest tax-bracket) resident (with "no recourse to public funds" I might add - despite the outright lies the Mail and the Sun print) I used to be eligible for IRIS, now I cannot use it and have to join the non-UK or EU queue instead, even though I have a big UK Resident chevron embossed in my passport (of a Commonwealth Realm I might add) and the UK/EU queues are empty and the desks there are still fully staffed.

Now this useless reactionary government suggests that airlines can pay to have more staff on - staff that my taxes ARE SUPPOSED TO BE PAYING FOR. Of course the airlines will simply pass on the cost - but will I see any correlating reduction in my taxes? Hahahahaha, hohohohohoh, heeheeheeheehee... Fat fucking chance...

I for one have had enough and am moving my skills, expertise and tax-revenue to another economy that wants and values talented people, not treats them like garbage.

Re:Iris scanning is NOT used to police immigration (0)

Anonymous Coward | more than 2 years ago | (#40129425)

The error rate of iris scanners is already extremely high, from my experience. A few years ago I registered for the IRIS scanners used at UK airports. They give you 9 attempts to get your iris read, even after this, my experience is that it works and lets you through about half the time. And the technology is obviously very unreliable, as typically there are two scanners available at each airport terminal, of which at most one is working. Obviously offical opinion is that they aren't worth having, as the IRIS system is about to be discontinued, and new registrations are already closed. Pity, it sounded a good application of modern technology, but with the UK Home Office involved, how could it possibly succeed?

The fact that irises change... (1)

Hymer (856453) | more than 2 years ago | (#40119185)

...has been known for centuries. Biometric do not work like stupid politicians want it work.

sigh (1)

anonieuweling (536832) | more than 2 years ago | (#40119513)

Biometric stuff invades our privacy.
But still: does the detected error rate increas matter?
We do not *identify* people via the iris scan, or do we?
If we just match a person to his/her's passport the error rate is insignificant.

Retina (1)

markdavis (642305) | more than 2 years ago | (#40119811)

Retina scans probably suffer from less changes and would be a better choice.

As for privacy: Retena scans are FAR more privacy friendly than fingerprints or DNA. We don't go around leaving our eye prints all over the place. And it is far more difficult to obtain them clandestinely.

changes quickly too (0)

Anonymous Coward | more than 2 years ago | (#40119825)

I have no background in medicine, but that doesn't change the fact that I know both disease and injury can cause drastic changes to the iris. I found out the bit about disease via a news story about a little girl who's cancer was discovered after her picture was posted on facebook (possibly another social networking site - I'm too lazy to google it right now, if you wanna know more, google is your friend). Researching my own eterochromia iridum, i read that this can be caused by a blow to the head.
do the people who design these systems bother learning about the anatomy and mechanics of the eye?

Already solved (1)

jaak (1826046) | more than 2 years ago | (#40120383)

The company I work for uses biometric security. The readers we use know that biometrics change over time and automatically update their databases every time you use the system (using some secret time weighted algorithm) .

You can set a threshold for the change/deviation/etc (in some people it changes more often than others). Our system only uses biometrics for authentication, not identification (that is, the biometrics confirm your ID, the biometrics are NOT your ID).

Duh (1)

nurb432 (527695) | more than 2 years ago | (#40120779)

No kidding. Our bodies change over time, who would have ever thought?

Even our very DNA can change due to radiation..

company rules. (2)

denbesten (63853) | more than 2 years ago | (#40121263)

Guess our bodies are just complying with the company rules to periodically change our passwords.

Everything changes (1)

jklovanc (1603149) | more than 2 years ago | (#40123289)

Face changes; A picture taken over 10 years ago is significantly different that mine today.
Fingerprints change; scars, acids, growth all cause fingerprints to change significantly.
Signature; My signature is rarely the same twice.

I just love it when a sensationalistics statistic is used. The article states a 153% increase in failure rate. How about you look at the pass rate; it would decrease from 99.99995% to 99.999875. That is a decrease of 0.000075%. That change is pretty insugnificant.

sensation brings money? (1)

freaker_TuC (7632) | more than 2 years ago | (#40133719)

Sensational statistics, bring more cash in the drawer; how else are they going to adapt all these machines for their 0.000075% off-tolerance ? :)

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>