Because biometrics is the least secure and easiest to copy method of security.
There are three types: What you know, what you have, and what you are.
What you know is the most secure in theory, but suffers from the limitation on human memory. But it can not be stolen from someone without them knowing. (Yes I know it can be stolen from a device, but that a problem in implementation and not fundamental.)
What you have is very secure - except that it's possible for it to be lost or stolen, and possibly without the person even realizing (at least not at first).
What you are is the least secure - all the detected features can be copied remotely without the person even knowing that someone copied them, and can not be changed once copied.
Biometrics sounds very secure - but is actually very very insecure.
Lets say someone took your fingerprints off a glass or a light-switch or your car, is there any reasonable way to prevent this?
Lets also say that you somehow become aware of them having a copy of your fingerprints and you remember that your phone requires your fingerprints to unlock; what do you do?
It's the fact that you can't permanently change your fingerprints nor restrict access to them which make them bad for authentication. Those two qualities also make them good for forensics.
Isn't that assuming that the system will accept a copy of a fingerprint? Are you telling me that I could easily spoof the fingerprint readers in immigration control simply by applying some kind of copies of another person's fingerprints over my own?
Anyway, if copying fingerprints is possible, then they are useless for forensics, contrary to your final point.
> Are you telling me that I could easily spoof the fingerprint readers in immigration control simply by applying some kind of copies of another person's fingerprints over my own?
Yes, it's pretty easy. However the immigration officer might notice.
> Anyway, if copying fingerprints is possible, then they are useless for forensics, contrary to your final point.
Well, it is possible to copy them, and they are not useless, therefor your conclusion has an error. And that error is that forensics does not require certainty, they require evidence. Evidence is probabilistic, and accumulating various forms of it can eventually be convincing, but each piece on its own is insufficient.
Forgive me if this seems ignorant, but how is verifying a person's identity at immigration control different from verifying their identity when logging into their phone?
The main difference is automated vs human checked.
The next difference is that for authentication it's important to be able to change the password (as it were), and with biometrics that's impossible. Once copied an attacker has access forever.
But I do see your point, and there are a lot of things in common. But going back to your earlier post, just because immigration control does it that way doesn't mean it's best - it just means they don't have a better way.
There are three types: What you know, what you have, and what you are.
What you know is the most secure in theory, but suffers from the limitation on human memory. But it can not be stolen from someone without them knowing. (Yes I know it can be stolen from a device, but that a problem in implementation and not fundamental.)
What you have is very secure - except that it's possible for it to be lost or stolen, and possibly without the person even realizing (at least not at first).
What you are is the least secure - all the detected features can be copied remotely without the person even knowing that someone copied them, and can not be changed once copied.
Biometrics sounds very secure - but is actually very very insecure.