GCHQ and Southampton University – a partnership made in hell
ZDNet has a brief story about GCHQ, which only goes to show how little GCHQ understands about business and security. The UK’s primary electronic spy agency is partnering with Southampton University to develop better biometric security. “GCHQ,” says the report, “will be working closely with the University of Southampton‘s new research hub on issues facing UK security, such as human identification and data privacy in a bid to help protect the country from cyberattacks.”
That’s good. Biometric access control at the door will stop people getting into secure facilities; biometric access at the keyboard will stop bad actors accessing the networks. So what are they working on? Fingerprints? Iris? Facial or vocal recognition? Hand scans? Finger vein prints? Any of those might work.
No. According to the report, “The new thing we’re looking at is soft biometrics,” said Professor Mark Nixon, an academic at the university, working in the new cybersecurity centre. “You can describe someone as tall, thin, or fat and then use that information to retrieve people from a video.”
“The two main themes we are looking at are data privacy and identity management,” added Professor Vladimiro Sassone.
This is where I think I need to explain some basic security facts to GCHQ: statement two is simply non sequitur to statement one. Unless you are videoing everybody in the country at all times (to catch the mobile cyberterrorist on his tablet in the street) and also have a video record of everybody in the country along with details of who they are to compare him/her with, then this is not going to work.
Unless… you don’t think… oh shit.