[ Updated July 2008 to remove the name of the Boing Boing reader who first emailed us this tip, at the reader's request.]
Responding to yesterday's Boing Boing post about tanning salons and gyms that require users to submit to thumbprint ID, reader [name redacted] of Chicago-Kent College of Law says:
You might find these pictures of the Thumb-Scanning Lockers on Liberty Island, NYC interesting. In order to get to "Liberty" Island, you must first have your gear X-rayed by Wackenhut security goons. Then you ride to the island accompanied by Coast Guard types with German Shepherds. Once ashore, you are free to circle the island, take pictures of the statue, and buy overpriced Slurpees.
However, in order to get inside the statue, you have to stow your gear in a locker… that requires you to use your fingerprint as a key!!! You can also pay with a credit card, that way if anyone hacks the machine, they can have your print AND your credit card information. This must be in place to protect us from those Al Qaeda frogmen that are clever enough to swim ashore, but are too stupid perform their dastardly deed at night where they can circumvent the locker bay by climbing the seemingly easy-to-climb wall.
In all likelihood, its probably to condition us into giving up our biometric information at every turn [As if biometrics could never be hacked…] so that security companies can make even more $$$, while we become more and more sheep-like each day. In any case, I didn't go inside.
However, later that day, I was falsely arrested near Ground Zero with 200 other people. I was a legal observer at the Republican National Conventions. First they said people could march, then they arrested them. They took us to Pier 57, and then the Tombs where we were laser-printed on ALL of our fingers with a SAGEM machine because we "might be terrorists." After denouncing us as anarchists and enemies of the state, the city dropped the charges [on our group anyway] a month later. The latest stories indicate that over 90% of the charges were dropped or found to be baseless. The police were also caught fabricating evidence.
[redacted]'s snapshots: one, two.
Previously: Arkansas salon requires thumbprint to get a tan
Reader comment: BB reader Grahame Armitage adds:
You mentioned people having their fingers scanned if they wanted to go inside the Statue of Liberty, well I had a similar experience when visiting Disney in Florida. Every park we visited required us to put our fingers inside the scanner – the first two fingers (separated by a peg). Just like giving the vees. As I was there on holiday with the wife, children and family I never gave it another thought. Especially as I come from the UK I just assumed it was the norm.
BB reader Mason says:
Just want to point out (not sure if this is the right place to do it) that thumbprint scanners DO NOT store your thumbprint. They use certain identifiable features of your thumbprint to match, sort of like a hash of your thumbprint. Your print CANNOT be reconstructed from the data these scanner save just as a computer password cannot be reconstructed from the saved hash The idea that these scanners work on is that each thumbprint has many features and when you combine each small metric (I believe there's 20-30 that they use) you create a hash of the thumbprint that can only be made by that thumb. So they're not as invasive as the (very reactionary) posts the past two days seem to imply. No one can steal your identity from the data stored by a thumbprint reader.
Brian Geiger says:
I used to live in Orlando, and I was there when Disney first started instituting the biometrics. Basically, it measures the distance between some of your knuckles on the right hand. Then that information is imprinted on your ticket, so nobody else can use the ticket. Disney charges a lot for tickets, and certainly doesn't want one person to use the ticket for the first half of the day, and somebody else to use it for the second half of the day. They first started using it for Season Pass holders. So, while they are incredibly greedy, I don't think the Disney issue is particularly sinister, if it's the same system they're using at Disneyworld.
drwormphd says:
here are a couple of links that support mason's explanation: an epa primer on biometric hand and finger geometry recognition: Link; and an unofficial wdw info guide faq on the disney finger scans: Link.
And Wired News editor Marty Cortinas, beyond whom no bullshit passes, says:
I know everyone is talking about thumbprints, but the picture clearly indicates the machine wants to scan the right index finger. Finger, thumb, whatever.
Reader Brian says:
In response to the story, Arkansas salon requires thumbprint to get a tan, I'm shocked, SHOCKED that no one has posted information on how to fake finger prints. You have a story at the Register, another link, and my favorite, step by step picture example.
Alex Fajkowski says:
I am working on a project with the DHS that fingerprints people after they were arrested at the US border. BB reader Mason is not correct when he said these scanners do not store your prints. It depends on the system.
The DHS takes people prints (either two print or ten print), creates a WSQ compressed version of them, and extracts minutiae (about 30 points of interest on the print where ridges intersect). Your fingerprint can be reconstructed from the WSQ version. The DHS' system stores the WSQ and Minutiae in one of its many fingerprint databases. It is entirely possible these scanners submit prints to DHS databases for analysis and storage.
