Japan Times et al: Four people snagged for fingerprints over 7 months. No longer an “anti-terrorism” measure. Of questionable effectiveness anyway.
Posted by debito on July 8th, 2009
Hi Blog. Debito.org Reader AS makes the following poignant comment:
Hi Debito, You’ve probably seen this already, but just in case here is a link to a JT article on the “effectiveness” of fingerprinting at airports. http://search.japantimes.co.jp/cgi-bin/nn20090630a4.html
The Japan Times Tuesday, June 30, 2009
Biometric ID system catches four
NARITA, Chiba Pref. (Kyodo) Immigration authorities have successfully detected four people since January trying to enter Japan illegally by trying to fool the biometric identity system…
The authentication system is designed to detect foreign nationals with a history of deportation from Japan based on fingerprint data…
The biometric identification system was introduced in November 2007 as part of antiterrorism measures under a revised Immigration Control Law.
Full article at
COMMENT FROM AS: Apparently the system has resulted in a grand total of four people getting caught in the last seven months. To me that seems like a massive waste of national resources, especially since there are other ways of detecting illegal re-entrants.
Also, the article drops the pretense that fingerprinting is an anti-terroism measure:
“The authentication system is designed to detect foreign nationals with a history of deportation from Japan based on fingerprint data.”
So now apparently the purpose of the system is cracking down on illegal entry and over-staying.ENDS
Another Debito.org Reader commented thusly on much the same subject:
Last Monday, June 29th, Kyodo released a press anouncement from the Immigration Bureau that shows that fingerprint evasion happens on a larger scale than previously assumed (see http://www.japantoday.com/category/crime/view/altered-fingerprints-detected-in-illegal-immigration-attempts).
According to a friend of mine, an article on page 29 of the Kobe Newspaper (evening edition) had additional information. Note that I could not confirm the contents personally. But I send you the highlights anyway, with added personal comments.
Apparently one of the Immigration Officers was quoted saying that the machines could not be trusted anymore as so many new ways to attempt to evade them show up.
Comment: If this statement was quoted correctly as an official statement, it took the Immigration Bureau long enough considering that the groundbreaking article from Yokohama National University (http://www.lfca.net/Fingerprint-System-Security-Issues.pdf) on this subject was published more than seven years ago.
For me, two questions follow this anouncement: Did the Immigration Bureau also miss that people can become victims of such identity theft? And did they also miss that the machines can get it wrong even when there is no foul play at all. These two problems form parts of two branches of a fault tree (http://en.wikipedia.org/wiki/Fault_tree) where the undesired event of trouble for me as an innocent person is the root. The first step to cutting down this rather unwelcome tree is for the Immigration Bureau to know it’s business…
The article apparently went on to state two measures the Immigration Bureau announced to take against the problem of people trying to fool the system. First of all, they apparently wish to opt for checking the prints visually if the machine gives an error. Second, they apparently wish to install monitors on which the prints can be seen by the officers.
Comments: I will start with the second measure. By default, fingerprint scanners encrypt the captured images on the device itself. This is done as an extra measure of protection, mostly because hacking of computers – even ATM machines.
(http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1357926,00.html) – is so widespread these days. To be able to put the prints on a monitor, that encryption must be turned off, or the images decrypted on the computer.
This is important. Identity systems such as this hinge upon the assumption that the rightful owner has the only key. Mind you, this is already so doubtful (see above) that the focus must be on protecting the owner from the bad consequences of other matching keys instead of beating the dead horse of keeping the key unique.
Nevertheless, removing the encryption opens two new branches in the fault tree of duplicate prints, the computer may not be trusted and the user behind the computer may not be trusted. It is against best practices and about the most irresponsible thing the Immigration Bureau could do. The mere fact that trying to go against a certain flow will not work is not an excuse for making the current run faster…
The good part is that it shows such an action is technically possible. Cybercriminals will find that out anyway, but at least the good willing people can know that too now…
The first measure doesn’t really impact me either way, though I would have preferred to hear something about informing the victims of identity theft as it is discovered and similar things… But it also casts doubt on the Immigration Bureau knowing it’s business, which we have established as a condition for acceptable levels of my safety under this program.
Why does this cast doubt? When someone turns up with fake fingerprints and the machine accepts that the pattern it acquires is not on the searchlist, that is in professional terms a negative. One can argue, depending on whether or not the machine should detect them as fakes, if it’s a true negative or a false one. In a true negative, the machine works as designed, it’s just a very smart attacker. But I digress.
When the machine gives an error, this is most likely a failure to acquire. The machine doesn’t get a useful pattern, or it concludes it’s not offered a live finger.
The two may coincide, but they’re not one and the same. After we already got in the situation where one can conclude that the Immigration Bureau missed a few things, it’s not very hopeful news that they send out an announcement suggesting that they can’t keep their errors apart. I would hope I’m never forced to fly with an airline which has just had a crash due to problems with the ailerons and announce that they are going to fix the flaps, at least not without explaining what they’re doing so that people can verify it was the right decision even though it sounds strange…
When I see things schemes like this fingerprinting, my first question will be: “Am I as an innocent person really reasonably safe with this system, given my overall situation?” The answer to that will almost always be yes, unless there’s a very cynical organization involved. My second question follows just as naturally: “Show me”. To me that’s the issue involved, they declined to show me, and when I started looking myself I increasingly find evidence I would have preferred to point to a different conclusion…
Coupled to this comes the use of a Hobson’s choice to extract the information, give or don’t show. Am I to be blamed that I view the combination of these effects as a sign of desiring not to invest the time and money to counter the risks to me precisely because they are that, risks-to-me (instead of them?). Is it strange therefore that I explain my point of view to people who may consider visiting Japan, and also to people with possibly enough influence to advocate my case, in both situations hurting Japan’s public relations? ENDS
What do Debito.org Readers think? Debito