Leaving your prints all over the place

Passwords are dying, says Bill Gates, and who are we to disagree? Horrible things: we have to use so many of them now, and people just aren't any good at remembering large sets of random words and regurgitating them correctly. His answer is to move to a tamper-resistant biometric ID card, where certain parts of yourself are digitised and printed out as a barcode: if you present that and the information on it doesn't correspond to your biological bits, either the card or the body isn't what it claims to be. Access denied. If everything's OK, in you go.

For some of us, this is already happening. If you enter the US on a visa -- as us reprobate hacks must -- you'll be electronically scanned for fingerprints and facial features, and the data stashed away on some enormous Department of Homeland Security Database. I got my dabs taken and my long-haul-bloated face snapped last week: for now that data just sits around, presumably waiting to go wrong at the point of maximum inconvenience. But it's destined to be printed as a computer graphic in my next passport, ready to join other graphical information that's already out there sucking paper into the digital world.

Take the new US banknotes. Despite the country's unfathomable addiction to making all notes the same size and colour -- "Why on earth would you want it any other way?", asked one confused American -- the latest designs have a whole set of subtle shades and other security features to make them harder to forge. One of these is a selection of apparently random circles designed to trigger pattern recognition routines in copiers, scanners and image editing software.

The core pattern, which looks something like the constellation of Orion but with a single central blob instead of the three star belt, is also to be found on new notes the world over. You can find it on the UK Darwin tenner under the foliage on one side and in the central oval on the other, just to the left of Queenie. On the £20, it's disguised as notes on a musical stave -- Orionic, as the Irish might say, given the role of music in the debate on digital copy protection. See the pattern once, and there's a particularly good example on Cambridge cryptographer Markus Kuhn's website, and you'll start spotting it on every banknote you handle.

Finding this pattern is sufficiently easy that a wide range of software can spot it and make an appropriate response. Anything that might be expected to handle a document image is fair game -- not only printers, scanners and photocopiers, but screen and printer drivers, digital-camera firmware, and even router and hard disk components could suddenly acquire a legally-mandated blind spot. Adobe's Photoshop has it already, although the company won't say how that came about, and we have no way of knowing what else is now primed to join the dots.

A fully constellation-aware digital world would make any acquisition, manipulation, storage, transfer or printing of fake notes impossible at every level: fakers would be forced to make incomplete copies that would be spottable immediately. The software could even be wired to silently alert the cops if it thought you weren't just messing around: don't think they haven't thought of it.

Of course, various hives of freethinking anarchists are already at work imagining ways to subvert the idea. If you had a T-shirt with the pattern on, what would happen to photographs? Or what would happen if I'd just happened to have a rather nasty case of acne on my entry to the US, with prominent pustules arranged just so? Tattooing the mark on my fingertips -- or even just prodding it on with a ball-point pen prior to immigration -- might also be an interesting experiment, albeit one I'm not minded to try in a hurry. It's also amusing to imagine making the pattern part of your letterhead, especially for correspondence with officialdom, or just having all your paper overprinted with the constellation as part of the background.

It goes the other way. Do the same print job with your Microsoft biocode, and all your documents will be indelibly stamped with your presence -- potentially making the hunt for your documents in bureaucratic databases much faster and more efficient. Once every layer of document manipulation is able to read intrinsic identities, you have the capability of creating an incredibly detailed log of every access, copy or storage event.

The same technology that bars banknote bitmaps can be used to make paper documents just as easy to track as any electronic message: bear in mind that the US postal service is considering making all packages and letters traceable to the sender. Now, how do you think they're going to do that?

This is what Bill meant by 'the password is dying' -- not that for our convenience, we'll be able to sigh with relief and forget we ever needed the things, but that for the purposes of security and commerce, we'll lose control of another chunk of our identity. The framework is already being put in place: all we can do is watch.