posted by hubie on Monday October 20, @09:26AM
from the I'm-sure-they'll-delete-the-records-when-they're-no-longer-needed dept.

JPMorgan requires staff to hand over biometric data to access new headquarters

New York bank is imposing eye and fingerprint scans amid heightened security concerns at corporate offices

JPMorgan Chase has told staff moving into the US bank's new multibillion-dollar Manhattan headquarters they must share their biometric data to access the building, overriding a prior plan for voluntary enrolment.

Employees who have started work at its 270 Park Avenue skyscraper since August have received emails saying biometric access is "required", according to a communication seen by the Financial Times. This allows people to scan their fingerprints or eye instead of ID badges to get through the lobby security gates.

[...] Dave Komendat, chief security officer at Corporate Security Advisors, said biometrics had been used for decades at higher-security areas, such as government installations and data centres, but putting them in commercial buildings for large numbers of people would be used at a new and larger scale.

https://www.ft.com/content/d5351d3d-d64f-4a90-a3da-d1ef8e8bea66
https://archive.ph/YCV85

[Ed. question: Would this be a deal breaker for any of you for joining or continuing to work at the company?]


  • (Score: 5, Insightful) by sneftel on Monday October 20, @12:06PM (6 children)

    by sneftel (29787) on Monday October 20, @12:06PM (#1421453)

    Christ, this same mistake gets posted like clockwork under literally every story about biometrics. "What if the data gets stolen?? I can't change my [piece of anatomy]!"

    This mistake stems from the analogy of passwords, which seek to provide secure authentication by means of secrets. There's a datum you know, and the service also knows the datum (or, at least, knows a hash of the thing) and you provide the datum in question to prove that you are the one and only person who knows that datum.

    But biometrics aren't about secrecy. Nobody tries to keep their eyes secret. They post pictures of them publicly, in fact. Biometrics only work because of trusted hardware. The thing which says "this is so-and-so's eyeball", or equivalently "this user has an eyeball which looks like such-and-such", is a hardened and attested device which is trusted to only provide true information about the eyeball presented to it, including verifying that the thing being presented to it is an actual human eyeball. Trusted computer hardware is difficult to get right, but people have been working on that problem for the better part of a century and at this point they're really quite good at it.

    Think of it as the difference between an old-style (pre-chip) credit card reader and a coin acceptor. It's trivial to copy the magstrip of a credit card, and the credit card reader would have no idea; the secrets are the only thing special about the credit card. But all nickels look the same. The security of a coin acceptor comes from the physical difficulty of copying coins. As long as the vending machine is sure the coin acceptor hasn't been tampered with, it can trust that the signal that a nickel was inserted represents an actual nickel having been inserted.

    So when you say "I can't change my eyes", consider first whether you can copy your eyes.

  • (Score: 4, Informative) by pkrasimirov on Monday October 20, @12:41PM (1 child)

    by pkrasimirov (3358) Subscriber Badge on Monday October 20, @12:41PM (#1421461)

    A machine can copy my eyes, more specifically all information it deems sufficient to identify them among others. Whether it will store that information, or a hash of it, or a secure hash of it for future comparison, is not in my control or knowledge. You can argue it's okay because it's not really my eyes but the laws in EU disagree.

    • (Score: 3, Insightful) by sneftel on Monday October 20, @09:57PM

      by sneftel (29787) on Monday October 20, @09:57PM (#1421554)

      Again, it doesn’t matter if they get copied. Do you protect your fingerprints? Carefully wipe down all the glasses you touch? No. Biometric information of this sort is not a secret. It has no inherent value and is not used in situations where secrecy is important.

      The laws in EU disagree

      As I say: people make this mistake frequently. Politicians aren’t immune.

  • (Score: 5, Insightful) by VLM on Monday October 20, @01:26PM (1 child)

    by VLM (445) Subscriber Badge on Monday October 20, @01:26PM (#1421470)

    Technically it's very easy to fool those machines.

    It's a risk reward thing where you're supposed to have an armed guard standing there making sure people are not holding up a picture of someone's eye or wearing a rubber glove with a picture of fingerprints on it. It doesn't cost much to distract the guard.

    The real purpose, as usual with these people, is a mix of security theater and ritual humiliation.

    With a side dish of "oh it makes people mad so 3% of our employees leave? That's cool we were expecting 5% layoffs this year so now we only have to "work" for an additional 2%"

    My experience is with secured data center doors quite a few years ago; they were mostly for show. They also fell out of alignment FAST with heavy use so just turn down the sensitivity dial until anyone's hand works all the time. Also they were ungodly filthy. You'd want to wash your hands after touching the hand scanner but couldn't; this is very "post-covid" making everyone touch everyone else eww gross.

    • (Score: 2) by mcgrew on Tuesday October 21, @03:56PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Tuesday October 21, @03:56PM (#1421625) Homepage Journal

      Technically it's very easy to fool those machines.

      That's the theme of Minority Report that struck me.

      --
      Mad at your neighbors? Join ICE, $50,000 signing bonus and a LICENSE TO MURDER!
  • (Score: 5, Interesting) by VLM on Monday October 20, @01:39PM

    by VLM (445) Subscriber Badge on Monday October 20, @01:39PM (#1421474)

    As long as the vending machine is sure the coin acceptor hasn't been tampered with, it can trust that the signal that a nickel was inserted represents an actual nickel having been inserted.

    "That 24x7 human touch to guard the machines is expensive, let's just buy a scanner and hook it up directly to the door lock on every entrance to save money. If we had to hire a guard to guard the scanner we'd have just hired a guard to guard the door LOL"

  • (Score: 2) by krishnoid on Monday October 20, @02:27PM

    by krishnoid (1156) on Monday October 20, @02:27PM (#1421486)

    Trusted computer hardware is difficult to get right, but people have been working on that problem for the better part of a century and at this point they're really quite good at it.

    Apple is proof that the technology is quite advanced and has accounted for multiple considerations. Of course, it's probably not what they're using [youtu.be].