Using the Iris for biometrics
Jun. 19th, 2023 02:47 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
walkitouthttps://www.bloomberg.com/news/articles/2023-06-15/the-eye-scanning-orb-that-lets-humans-prove-they-re-human
You can listen to it. You can watch the video. That link also includes a lightly edited transcript.
I generally feel like people who are doing crypto or crypto adjacent stuff show up on Odd Lots and 1-3 weeks later they are in a whole lot of trouble with somebody. This is a crypto adjacent thing, so I’m kind of expecting that to happen here, altho I have no idea precisely how that will manifest.
But I’m also interested in using iris texture recognition for identification purposes. I think it is fair to say that absolutely anything you use for identification purposes can fail in really unfortunate ways, either inadvertently or because humans are amazingly scammy.
I did a little digging specifically on cataracts, because cataracts are ludicrously common and as our global population ages, this is only going to happen more. And cataract _surgery_ would appear to be another way in which eye-related recognition could fail. The short answer here is: about 10% of cataract surgeries will result in an iris texture that is meaningfully different from pre-operative texture and will require re-enrollment in the identification system. That’s both an “inadvertent” fail and also an amazing opportunity for scamming.
Each eye has a different iris texture. A lot of people have two eyes. But not all people have two eyes. In fact, some people don’t have eyes at all, due to being born that way, or trauma. Even people with eyes, but who suffer eye trauma and require iris reconstructive surgery may need to be re-enrolled. Less common than cataracts, probably, but definitely something that will need to be taken into account.
It is absolutely banal to say that a problem with crypto is people forgetting/losing the thing they need in order to access their account. To the extent that you build a system that requires iris recognition to access, and a person dies, has eye trauma (including cataract surgery) and there is no alternative way to access it, then the “access” component of this system is gonna be pretty bad! And to the degree that there _is_ an alternative way to access it, then that’s where security problems will proliferate.
Recently, we’ve seen law enforcement use the immutability of the bitcoin ledger to connect people to crimes and prosecute them _a decade or more later_. Using iris recognition to connect people to accounts and systems in a trustless way would seem to introduce another opportunity for this kind of delayed FAAFO.
Finally, to the degree that accounts attempt to build a financial system that is outside of jurisdictions, users will find themselves deeply unhappy that the resources flowing through that system are not subject to the laws of jurisdictions. I mean, that’s obviously the goal, but people are stupid. They’ll be all happy at the prospect of evading taxes and then get mad when they get scammed. They might be happy at being able to move money across borders freely and then get mad when they have no way to claw back money that their soon to be ex-spouse moved beyond the reach of a divorce settlement or child support payment judgment.
In any event, Odd Lots did not get into any of that. The person they interviewed said some things like this:
“So you build systems that are not dependent on a small group of people, can be completely verified and can run over decades without being interrupted.”
Statements like that are _deeply_ hilarious (and infuriating!), but honestly, if you are talking about software and using a phrase like “completely verified” then you have just indicated that you know absolutely nothing and I’m still trying to figure out why I’m wasting my time listening to you.
Anyway. Worldcoin and the Orb are stupid, and I expect something to crater in 1-3 weeks, but iris texture recognition as a biometric is probable, and we should be thinking about how to handle cataracts and re-enrollment in general. With surgery, you can identify before surgery and re-enroll after surgery and _presumably_ build a nice, solid protocol for making sure that the surgery isn’t an opportunity for a person to become a different person or whatever, from a digital identification perspective. But with trauma, that can happen to anyone at any time. There’s gonna be a huge potential for loss of access unless there’s a mechanism for access that is Other Than Iris, and as soon as you have an alternate mechanism, all the security attacks will glom onto that, too.
You can listen to it. You can watch the video. That link also includes a lightly edited transcript.
I generally feel like people who are doing crypto or crypto adjacent stuff show up on Odd Lots and 1-3 weeks later they are in a whole lot of trouble with somebody. This is a crypto adjacent thing, so I’m kind of expecting that to happen here, altho I have no idea precisely how that will manifest.
But I’m also interested in using iris texture recognition for identification purposes. I think it is fair to say that absolutely anything you use for identification purposes can fail in really unfortunate ways, either inadvertently or because humans are amazingly scammy.
I did a little digging specifically on cataracts, because cataracts are ludicrously common and as our global population ages, this is only going to happen more. And cataract _surgery_ would appear to be another way in which eye-related recognition could fail. The short answer here is: about 10% of cataract surgeries will result in an iris texture that is meaningfully different from pre-operative texture and will require re-enrollment in the identification system. That’s both an “inadvertent” fail and also an amazing opportunity for scamming.
Each eye has a different iris texture. A lot of people have two eyes. But not all people have two eyes. In fact, some people don’t have eyes at all, due to being born that way, or trauma. Even people with eyes, but who suffer eye trauma and require iris reconstructive surgery may need to be re-enrolled. Less common than cataracts, probably, but definitely something that will need to be taken into account.
It is absolutely banal to say that a problem with crypto is people forgetting/losing the thing they need in order to access their account. To the extent that you build a system that requires iris recognition to access, and a person dies, has eye trauma (including cataract surgery) and there is no alternative way to access it, then the “access” component of this system is gonna be pretty bad! And to the degree that there _is_ an alternative way to access it, then that’s where security problems will proliferate.
Recently, we’ve seen law enforcement use the immutability of the bitcoin ledger to connect people to crimes and prosecute them _a decade or more later_. Using iris recognition to connect people to accounts and systems in a trustless way would seem to introduce another opportunity for this kind of delayed FAAFO.
Finally, to the degree that accounts attempt to build a financial system that is outside of jurisdictions, users will find themselves deeply unhappy that the resources flowing through that system are not subject to the laws of jurisdictions. I mean, that’s obviously the goal, but people are stupid. They’ll be all happy at the prospect of evading taxes and then get mad when they get scammed. They might be happy at being able to move money across borders freely and then get mad when they have no way to claw back money that their soon to be ex-spouse moved beyond the reach of a divorce settlement or child support payment judgment.
In any event, Odd Lots did not get into any of that. The person they interviewed said some things like this:
“So you build systems that are not dependent on a small group of people, can be completely verified and can run over decades without being interrupted.”
Statements like that are _deeply_ hilarious (and infuriating!), but honestly, if you are talking about software and using a phrase like “completely verified” then you have just indicated that you know absolutely nothing and I’m still trying to figure out why I’m wasting my time listening to you.
Anyway. Worldcoin and the Orb are stupid, and I expect something to crater in 1-3 weeks, but iris texture recognition as a biometric is probable, and we should be thinking about how to handle cataracts and re-enrollment in general. With surgery, you can identify before surgery and re-enroll after surgery and _presumably_ build a nice, solid protocol for making sure that the surgery isn’t an opportunity for a person to become a different person or whatever, from a digital identification perspective. But with trauma, that can happen to anyone at any time. There’s gonna be a huge potential for loss of access unless there’s a mechanism for access that is Other Than Iris, and as soon as you have an alternate mechanism, all the security attacks will glom onto that, too.