Introduction
On a Thursday in December 2018 in Leipzig, Germany, the selfproclaimed hacker and computer scientist Jan Krissler, alias ‘starbug’, and his colleague Julian showed the assembled crowd at the Chaos Communication Congress how they could fool a hand-vein biometric sensor with the use of a fake hand. The hand was made by capturing their palm vein patterns with a digital camera from which the infrared filter had been removed, mounting the patterns on a wooden hand and covering it with a layer of wax skin (Burt, 2019) (see Figure 9.1). Before this event, vein biometrics was considered one of the most secure biometric technologies. Vein patterns are located under the skin and were therefore considered more difficult if not impossible to fake.
Biometric technologies are digital technologies developed to register, recognize and distinguish individual bodies. Fingertips, faces, eyes, veins and other body parts enrolled for biometrics are considered unique in their dimensions, textures and patterns. These technologies are increasingly being discussed as their use proliferates across contexts. Fingerprint-, facial- and to some extent iris recognition are widely used in border control and consumer electronics (computers, smartphones, cars), for access to restricted sites, for identification of beneficiaries in health or social systems, in refugee camps, and increasingly for identification in banking (Bonneau et al 2018; Jacobsen, 2017, 2019; Grunenberg, 2020a). Biometric technologies are often talked about in terms of convenience and/or security by industry representatives. They are convenient because they make it unnecessary for individuals to remember passwords. As one biometric researcher argued, “You can forget your password, but you can't forget your body” (interview, Peter, professor of biometrics). Furthermore, according to researchers, they potentially enable more seamless interactions: doors that open as you approach, car seats that auto regulate to the particular body of a driver by, for example, registering a fingerprint. Biometric technologies are conceived of as security-enhancing devices because ideally they make it possible to distinguish between individuals who may legitimately cross a boundary, whether a national border or a more prosaic perimeter such as the entrance to an office, and those who may not.
In biometric research the notion of ‘spoofing’ appears to identify a particular form of impostering. The example of palm-vein spoofing mentioned at the opening of this chapter is a case in point.