Oh, come on... y'all don't have fake ID where you come from? If any relatively resourceful 17 year old could get one before going out with some friends to a bar, imagine what a hacker/terrorist could do.
-----Original Message----- Sent: Thursday, October 18, 2001 11:00 AM To: Multiple recipients of list ORACLE-L Post justification... :-) This is ON topic (sorta) 'cause it's related to password security and the validity of a "fuzzy match." First of all, when applying for an ID card the prospective holder of the card has to be physically present in order to get their mug shot and prints- a significant deterent to fraud. Next, during the identification phase, the ID card is scanned just like a credit card and, using an encrypted unique PK index value, the physical attributes of the supposed card holder are retrieved. That shouldn't be a database performance issue even with a U.S. population of 300,000,000. Then the mugshot of the ID is displayed on a screen for human and machine visual verification and the card holder places his palm on a device for matching with the retrieved ID. If the chances for failure on either identification method is 0.0001 to 1 then isn't the chance for their combined failure 0.0001 squared or a million to one? There's a device for PC's where you login by placing your index finger on a reading pad. Anyone ever used it? This could be extended for access to the oracle sys, system, and DBA accounts with the computer responding, "Hello DBA. You are in ABSOLUTE control of all data." Of course, secure identification via password or physical attributes doesn't prevent the DBA from data abuse (like using someone else's MasterCard) just as it wouldn't prevent an identified person from committing a terrorist act. Ultimately we need to identify the character and trustworthiness of the individual and no computer can do that. But both Big Brother and Little Brother still want to "take care" of you. ;-) OK, now I'm going to check out that Yahoo link. Steve Orr -----Original Message----- Sent: Thursday, October 18, 2001 4:35 AM To: Multiple recipients of list ORACLE-L I think I read that Oracle were planning to donate the software. I know that they already get a *lot* of business from government contracts. But this is nothing more than Larry trying to get some free publicity, and maybe sell some lucrative consulting and support work. Scott McNealy from Sun is also jumping on the bandwagon because a) no-one wants to buy his Java smartcard and b) he doesn't mind who runs Big Brother's database so long as it isn't on x86/NT. Now, Oracle (see, I am on-topic :0) )have some pretty fancy visual information retrieval stuff that could maybe be useful for face recognition, right? But (referring to Schneier's analysis, http://www.counterpane.com/crypto-gram-0109a.html#3) even 99.99% accuracy isn't enough. That is, if the person is a known terrorist there is a 99.99% change of the software recognizing him or her, and of a person is not a terrorist, then there is a 99.99% change that the software will not think that they are. Now let's assume that one in every 10 million airline passengers is a (known) terrorist. Even this is difficult, because remember the hijackers all had legal IDs, their own, and no criminal records that would have made airport security suspicious. All passengers are scanned by this system. For every terrorist that is caught, there will be 1000 false alarms. That's crying wolf too often for anyone to take it seriously. And, in the real world, the system isn't anywhere even *near* 99.99% accurate. Change it down to 95% and run the numbers... The solution isn't technological at all, but technological solutions are a "magic bullet" used by people too "liberal" to face up to the fact that WASP grandmothers from the Midwest don't hijack airliners, but there is an easily recognizable subset of the world's population who do seem to produce most of the world's hijackers. g -----Original Message----- Sent: Wednesday, October 17, 2001 11:10 PM To: Multiple recipients of list ORACLE-L Yeah, but what if you were the DBA for that database? ;-) The article did say that some "prominent civil libertarians" were not completely averse to the idea. The ID card would only be mandatory for non-citizens and voluntary for citizens. I confess that as a recovering libertarian I'm conflicted. We already have to prove our identity for social security cards and driver's licenses (to a lessor degree and varying by state). A national plan would just be taking a situation that already exists and making it bigger and more effecient. ;-| Of course what's voluntary today can more easily become mandatory tomorrow. Hmmm... I wonder what the support fees would be for such a "beast?" ;-) Steve Orr -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Orr, Steve INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Bellows, Bambi INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
