Theme Park Sign: Biometrics Is NOT A Fingerprint

Avatar
Brian Rhodes
Jul 02, 2014
IPVMU Certified

This picture is making the twitter rounds, apparently taken at a Six Flags theme park:

This sign is supposed to allay park-goer privacy fears that fingerprints could potentially be stolen and misused.

Technically, the sign is correct; fingerprint scanners typically read/store numerical data, not pictures.

However, do you think this disarms fear of misuse? If you explained biometrics this way to your customers, would this help relax their apprehension?

JH
John Honovich
Jul 02, 2014
IPVM

This is also technically misleading, if not incorrect. Even if it's 'just' a 'mathematical representation', it is based on one's real fingerprint. If you know the algorithm they used to convert your fingerprint into 'math', you could revert back into (at least a very close approximation of) one's real fingerprint.

I've seen such explanations before, it strikes me as disingenuous.

RW
Rukmini Wilson
Jul 02, 2014

+1

Agreed. Misleading, since a JPEG=mathmetical representation of scanned data points (numbers)

On the other hand, if the 'resolution' of the data points is low enough, no one would really consider it a picture, And given their requirements, i.e. secondary credential, used only for verification of primary, of assumed identity, in a non-critical system, they would only have to store very few (10?) datapoints to effectively tell you from your brother, (when you are trying to use his season's pass). And its not the end of the world if it lets a couple of people in that shouldn't get thru.

So I think it would be better, and more accurate to show something like this at the turnstile, which has 20 datapoints, but is still not reversible to the image at far left:

Though lo-res, it should still be guarded since if this data fell into the wrong hands and they had access to your primary credential, and, most importantly, had a Frankenfinger kit like Brian, they could ride all summer long at six-flags without detection.

Avatar
Marty Major
Jul 03, 2014
Teledyne FLIR

biometrics.gov publishes a Top 10 FAQ list

#2 on the list asks - "What Are The Common Biometrics?

Fingerprint is the first thing listed in the answer. -----> take that Six Flags sign maker!

RW
Rukmini Wilson
Jul 03, 2014

They may have Six Flags but you only get Three Strikes and this sign maker has been warned before for the same type of thing, shown here...

As well as 

But, if I was hired by the sign maker for an obscene sum as a defense team strategist, I would argue that the part of the sign that read "Biometrics are finger scans NOT fingerprints" does not claim that:

Fingerprints are not Biometrics but rather that Biometrics are not Fingerprints. Which is not necessarily the same thing. Just in the same way that the sentence:

Lunch is Tuna on White NOT Turkey on Rye does not imply that Turkey on Rye is not a lunch food, but rather that in this circumstance it is not available as a lunch.

And so the sign is really saying that the Biometric in use here is finger scans not fingerprintswhich is readily apparent when one reads the entire signage.* Re-direct, Counselor Major?

*But like I said it would have to be an obscene amount of money to even go there.

Avatar
Marty Major
Jul 03, 2014
Teledyne FLIR

Me: "The signmaker is a liar!"

[gallery erupts in heavy murmuring; judge pounds gavel, defense jumps to feet to object]

[Judge sustains objection and admonished counsel from making declarative statements and to stick to asking questions]

Me: "Mr. Signmaker - isn't it true that in order to map these 'unique' data points, that scanning of the entire fingerprint is required?"

[Signmaker starts to explain why finger 'scans' aren't fingerprints]

Me: (cutting signmaker off) "Please answer the question Mr. Signmaker - yes or no?"

[Signmaker attempts to hedge]

Me: "Your honor! Please direct the witness to answer the question!"

[Defense objects; claims witness is being badgered; objection overruled - judge directs witness to answer question]

Signmaker: "Finger scans are NOT fingerprints!"

[heavy gallery murmurring; judge pounds gavel; I move to classify Signmaker as a hostile witness]

[Judge admonishes witness with more stern warning.. contempt, etc; directs witness to answer question]

Signmaker: "YES!" We have to scan the enire fingerprint so we can capture the data points required to identify holders of season passes!"

[Subdued gallery murmurring]

Me: "Soooo.... you would have this court believe that even though your system scans the entire fingerprint to capture these 'unique data points', that you don't keep the scanned fingerprint in your database?

Signmaker: "Yes, that is correct"

[I scan the jury with my best skeptical facial expression, like the witness just said the earth was flat]

Me: "I seeeeeeee.... [dramatic, skeptical pause] So, would you agree that [turn up mocking tone; increasing volume as I continue] mapping your unique data points requires the patrons to be fingerprinted?"

[heavy gallery murmurring]

Signmaker: "You don't understand! We only..."

Me: "Yes or NO?!"

Signmaker: "You are trying to confuse me! I am trying to show you..."

[I object; witness not answering question; sustained]

Me: "Does Six Flags capture entire fingerprints in order to create the data points used for [shouting now] identification of your patrons?!"

Signmaker: "YES! But..."

Me: THANK YOU MR. SIGNMAKER! [to opposing counsel] "Your witness."

RW
Rukmini Wilson
Jul 03, 2014

Me: "No Questions, your Honor!"

[another wave of aghast murmuring erupts; the signmaker's expression slowly changes from bewlidered to indignant, as he abjectly moves past the silently shaking head of court reporter on his way down from the stand.]

Me: "Rather, if it would please the Court, the defense would like to recall the Director of the Biometric Services Alliance to the stand!"

Judge: "IT does NOT please this court, and furthermore YOU do NOT please this court, I'm afraid the Court has not the time nor the patience for another one of your 'fishing' expeditions!"

Me: "Your Honor, I believe if the court would allow me to.."

[The agitated judge motions for both counsel to the bench; only the odd soundbite escapes from the hushed and strained voices in conflict: something concerning a "kangaroo" and "3-ring circus", and a warning that this better be "leading somewhere", are all we hear. Judge exasperatedly orders the Bailiff to recall the witness]

Me: "Please state your name and occupation for the court, and may I remind you Sir that you are still under oath."

Witness: "Rod Rippoff, Director of BS, at the BS Alliance."

Me: "Mr. Rippoff, in your prior testimony you claimed that you installed numerous BS systems in aid of fingerscanning, which also had the capability of storing hi-res images of the fingerprints themselves if so enabled. You also claimed to link this data to snapshots taken at the same time the scan was performed. If this is so then I wonder if you wouldn't mind pulling up any records from the east gate at precisely 9:00AM this morning, on your BS fingerphone?"

Witness: "Sure thing, just a give me a second..., ah there it is! Ha! I see you visited our facility this morning, hope you had a blast!" [holds up smartphone with headshot of defense attorney on one side of the screen, and a finger datapoint diagram on the other]

Me: "Let the court note the BS Director to be showing system functionality indicating my own Biometrics. Let the court further show [slowly raising hands as the courtroom holds its breath], that I was born without fingerprints! [court reporter faints, pandemonium ensues, judge calls for order, threatens to clear court] So isn't it true that this system has never recorded anyone's prints and was only designed to scare park goers who would try to beat the system?" [then from the gallery is heard "But I saw it work with my own eyes!"] "What you saw was Rod's Alliance buddies staging a fingerscam routine, where one gets publicly 'busted' trying to use another's card. Isn't that true Rod?"

Witness:[Almost in tears, head in hands] "It wasn't supposed to be like this, we were going to control it this time, keep it pure, you know? We would make BS a household word. People would hear Biometrics, but they would think BS! All went well until the B. Rhodes article was published and a flurry of flagrant Frankenfinger fraud made us abandon any hope of ever collecting a single valid datapoint. But by then it didn't matter because we learned that honest people are terrified of Biometrics, and the sign was just another way to scare them. Anyone can tell that the signmaker had nothing to do with it, look at it, its got BS written all over it!"

Judge:"I've heard enough from you, Bailiff release the defendant and take Mr. Rippoff into custody at once."

[Gavel bangs, loud cheering, court reporter rises, Rippoff swoons, curtain closes?]

Avatar
Carl Lindgren
Jul 03, 2014

Lol. I would bet if they actually ran the fingerprints against a criminal database at Six Flags Magic Mountain, they would be surprised at the number of positive hits for LA gangbangers.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions