Friday, December 31, 2010

Nigerian police force discovers 20,000 ghost workers in its ranks

Bloated Police Wage Bill (AllAfrica.com)
To think that all of 20,000 non-existent workers have been receiving salaries amounting to N6 billion in just three months is dumbfounding. But it shows the extent of financial hemorrhage that the country is subjected to by criminals operating clandestinely in various government ministries.
Six billion Nigerian Naira = US$39,530,000 in three months.
Multiply by four for an annual estimate of US$158,120,000.
Total U.S. government foreign aid to Nigeria in 2008 = US$200,000,000 (pdf Census.gov).

By tightening up identity management measures in a single government bureaucracy, Nigeria was able to save itself money equivalent to 79% of the sum that the U.S. delivered to Nigeria in aid in 2008.

Besides the financial windfall, there is an increase in citizen confidence in institutions. It's difficult to ascertain which is more valuable.

The great Indian journey to unique identity

Aadhar has the potential to change the life of every Indian (CIOL.com)
After a person is allotted a UID number, his/her identity linked to biometrics would be established to uniquely identify the person. The UID number would authenticate the identity claim of a person and would have wide-ranging applications during the person's lifetime. And it would benefit everyone from students to farmers to corporate executives.

The UID will not just help the government track down individuals but will make life far easier for citizens as they will not have to submit so many documents each time they want to avail a new service – private or government.

Since India is a country where food distribution is a major concern, UID can be helpful in bringing transparency in public distribution system, too, and make sure the benefits of government schemes are reaching the people who deserve it.
If it is too difficult to do things the "right" way, rational people will do things a different way.

In many developing countries, this means taking electricity straight from the grid, neglecting to register a business and paying bribes rather than obtaining permits. These actions lead to a reduction in a society's ability to invest in the physical and social infrastructure that delivers first-world living standards.

According to the World Bank, among world economies, India ranks:
134th in "Ease of doing business"
165th in "Ease of starting a business"

Other measures at the link are equally distressing.

In order legitimately to start a business in India, one must negotiate 12 bureaucratic hurdles including the payment of 9 different fees. Many of these steps include the verification of the applicant's identity.

Better identity management techniques, are not by themselves sufficient to improve the daily lives of Indians at all levels of society, but they are necessary for legitimizing citizens and streamlining government.

Beyond the bureaucracy of starting a business, the UID project can bring efficiency and deliver real value to Indian society in the areas of Taxation, Banking, Voting, Welfare transfers, Education and Health care.

Not only does the UID project give government an increased ability to identify citizens, it gives citizens an increased ability to hold their government accountable. Implementation of biometric time and attendance systems within government bureaucracies can reduce or eliminate ghost workers and stem corruption.

These are the opportunities India seeks for itself.

There is much work to do and there will be resistance. Privacy advocates that don't know what it's like to wait in line for hours or be forced to pay a bribe for every mundane interaction with the government or public utility will take to the newspapers. Corrupt officials with armies of ghost workers that are diverting resources meant for the poor into offshore bank accounts will drag their feet. Welfare fraudsters collecting multiple payments under multiple identities will prove remarkably ingenious at milking the system. But India must, at least, try.

Many of the world's poor, not just in India, are depending upon them to get this right.

Thursday, December 30, 2010

Secure Communities in the News

The U.S. Immigration and Customs Enforcement (ICE), has been implementing the Secure Communities strategy throughout the country for several years now.

The initiative seeks to prioritize the use of resources in order to place the highest priority on removing individuals who are both in the United States illegally and have committed violent crimes.

The system uses fingerprint biometric identity management technology to integrate local law enforcement officials with a central database of individuals who fit the criteria above. The search against the central database is only performed if the individual is arrested again.

As the system is being implemented across the U.S., local reaction varies dramatically as a survey of headlines shows.

UPDATE: These links are no longer useful
Bing News Searches:
"Secure Communities" Kansas

"Secure Communities" Maryland
"Secure Communities" Massachusetts

Wednesday, December 29, 2010

Top Ten Threats to Your Privacy

Privacy Alert: 10 Biggest Threats of 2010 (PCWorld.com)
It won't surprise regular readers that biometric technologies are absent from the list.

Other familiar names aren't so fortunate.

Biometrics and Development

Fingerprint Haiti Now: Biometrics in Haiti, One Year Later (Center for Global Development)
Cash transfer programs have become commonplace in post-disaster recovery for rebuilding and re-capitalizing households and firms. Such programs provide direct aid without the bureaucratic delays and transparency concerns of other methods. They also create demand to jump-start the economy and put the power of recovery in the hands of the people– giving them the resources to pull themselves out of poverty and towards reconstruction and recovery. Leakage is always a major concern; donors need to ensure individuals only collect once and that funds are distributed as intended. A secure identity system could be used to prevent multiple payments, “ghost” recipients, and other forms of leakage.
It is extremely heartening to see an organization as respected as the Center for Global Development recognize the contributions identity management technology can make toward building a more just, prosperous and equitable society.

Other posts dealing with biometrics, fraud and social safety nets can be read here.

Scotland: Angus education chief claims unanimous support for pupil fingerprint system

Angus Council's education convener has defended a biometric identity system used for school meals, claiming the local authority has never received a complaint about it (TheCourier.co.uk)
"Angus is the only authority in Scotland which is increasing uptake of school meals and, while not all of it is down to the biometric system, we do know that there is a stigma attached to receiving free school meals. But the possibility of bullying is removed here because no one knows who receives free school meals apart from the office staff who credit their accounts.
Fingerprint systems that store only an algorithm-generated template rather than an image of a fingerprint pose little-or-no threat to a person's biometric privacy.

On the positive side: for the student, fingerprint biometrics offer increased privacy and safety; the school achieves higher data integrity and increased operational efficiency. These benefits are not simply confined to the schools themselves. All taxpayers have a stake in the efficient use of educational resources.

If recent press is taken as an accurate reflection of the concerns of so-called privacy advocates, they fixate on the security of students' biometric data while unconcerned with the security of the academic, behavioral and medical records kept by schools that present a much more acute privacy risk.

It is incumbent upon adults to be mindful of the privacy implications of all the decisions they make for children. Implementation of template-only fingerprint identification systems can indicate fulfillment, rather than neglect of that duty.

Tuesday, December 28, 2010

Scotland: Use of fingerprint ID in schools triggers row

Scottish Politics, Biometrics & Schools (News.Scotsman.com)

Anti:
"Public bodies have shown in the past that they are not always to be trusted with sensitive personal data. If the finger - or palm prints - of children as young as four years old got into the wrong hands, it could have significant consequences. Do we really want this sort of intrusive information taken from young children?"
Pro:
"Of course, if we can use new technology to improve public services and reduce costs then we should be looking to do so. However, as with keeping any personal, information appropriate safeguards must be in place."
Other posts on biometrics and schools may be read here.

International Air Transport Association insists on updated security measures

Under an IATA plan, passengers would be categorised into one of three risk groups, and then screened accordingly. (AustralianNews.net)

Friday, December 24, 2010

NYC payroll chief resigns after fraud probe

The Associated Press
NEW YORK - (AP) — The director of New York City's payroll department has resigned a week after prosecutors charged four consultants in a $80 million fraud scheme.
Earlier post on the topic here.

Thursday, December 23, 2010

Nine Technologies That Will Change Your Future

What will be the tech breakthroughs of the next decade? (Kiplinger via Yahoo Finaince)
Banks are increasingly turning to biometric authentication for mobile and online clients. Fingerprint, voice and face recognition systems will soon become commonplace as banks seek to heighten security for the rising tide of on-the-go transactions.

Imagine a front desk without people

For hotels, it cuts costs (Chicago Tribune)
Consider this: You go to the front desk to check in, your image is captured on computer, you're given your room number but no key card. You get to your room and a facial-recognition reader opens the door for you. Or maybe you just check in at a lobby kiosk and bypass the front desk altogether. Or you use your credit card to enter your room.
Biometrics figure to be the linchpin in a host of revolutionary and cost saving technologies and processes.

The return on investment (ROI) is significant.

Tuesday, December 21, 2010

UK: ID Cards Scrapped by Coalition Government

ID cards consigned to history by Coalition Government's first Home Office Bill (FreshBusinessThinking.com)
All ID cards will be cancelled within one month of Royal Assent and the National Identity Register, the database which contains the biographic information and biometric fingerprint data of card holders, will be physically destroyed within two months.
This isn't a surprise, we drew attention to the decision back in May.
The U.K.'s new coalition government plans to cancel the national ID card program, calling it part of a "substantial erosion of civil liberties" that took place under the former Labour government.
But what would a national ID system that didn't present a "substantial erosion of civil liberties" look like?

From this post of May 21:
Bryan Glick at ComputerWeekly.com understands that the rejection of a statist, top-down approach does not mean that identity management systems are unnecessary or that all proposed systems will be rejected by a free public.

Glick then draws attention to a 2008 report by Sir James Crosby, then at HM Treasury, entitled Challenges and Opportunities in Identity Assurance (.pdf). The 47-page report contains a breadth of information that makes it a great introduction for how to begin thinking about the challenges associated with large-scale biometric identity management deployments. It is very accessible and deserves to be read widely.

Biometric time clocks gaining popularity

Chattanooga Times Free Press
Biometric time clocks aren't always popular with workers, some employees say, but the devices are winning approval from Chattanooga-area companies, according to a business that sells the fingerprint-activated devices.

High-profile customers include Rock City, the Tennessee Aquarium, Chattanooga Convention Center and Creative Discovery Museum, which all have bought into International Equipment Co.'s biometric vision as the Chattanooga-based company marks its 50th anniversary.

Monday, December 20, 2010

High-tech move to stamp out food card fraud

Trinidad Express
In an effort to stamp out fraud and corruption in the delivery of social services grants, Government will be moving next year to implement biometric technology starting with the food card programme and disability grants.
People are willing to support higher social spending when they are confident that the money isn't being stolen.

Ingenico shares hit after Safran blocks foreign bid

French industry minister Eric Besson said the state was talking with Safran, adding Ingenico was a "strategic" business (Reuters)
Safran (SAF.PA), 30 percent owned by France and which holds 22.5 percent of Ingenico, likely blocked the 1.44 billion euro ($1.9 billion) offer as a result of government pressure to prevent the company passing into foreign hands, analysts said.
Ingenico makes some fingerprint enabled point of sale hardware.

Safran is in the process of finalizing its purchase of much of L-1.

Friday, December 17, 2010

Big-Time fraud in NYC time-and-attendance initiative

CityTime Consultants Charged With Stealing $80 Million (Gothamist)
Four consultants hired to run quality assurance have been accused of taking $80 million in "an elaborate fraud and kickback scheme" that involved faked time sheets (ha!) and a series of shell companies. According to the suit the suspected ringleader even got his mom and his wife in on the scheme!
Fraud is fraud and it could occur with any government contract entrusted to corrupt individuals. As noted by the quoted section above, the fact that faked time sheets were used to steal from a biometric time and attendance system contract is at the least ironic.

UPDATE:
NYC payroll chief resigns after fraud probe

Jobs at 3M threatened as UK passport contract switches to De La Rue

More than 100 production staff are facing redundancy (PrintWeek.com)
All of the staff have been subject to TUPE negotiations as a result of the Identity and Passport Services’ decision to award the 10-year contract to print the next generation of biometric passports to De La Rue rather than incumbent 3M.
Countries often don't produce their own currency and passports -- they hire private firms to do it -- and for obvious reasons, countries don't like to talk about it.

The UK has decided to award its passport manufacturing contract to the home grown, though troubled, De La Rue rather than American firm 3M.

It's worth noting that the British passport is biometrically enabled (face recognition) and 3M recently completed its acquisition of biometrics firm Cogent, which had an application for face recognition for border control.

Facial recognition biometrics will come of age in 2011

Facial recognition technology promises easy access for employees and a fast return on investment for employers (SecurityPark.co.uk)
Facial imaging biometrics has refined the technology in recent years with 3D imaging and infra-red cameras overcoming early flaws such as strong sunlight or darkness making a comparison difficult. It is now possible to make a positive identification under any lighting conditions and while the subject is moving towards the camera.

Thursday, December 16, 2010

L-1 sale update

Stockholders to vote on merger on February 3, 2011 (ConsumerElectronicsNet.com)
Under the terms of the agreement entered into on September 19, 2010, Safran has agreed to acquire L-1 Identity Solutions, Inc. following the sale of L-1's intelligence services businesses to BAE Systems Information Solutions Inc.
It looks like there are still three moving parts. The sale the intelligence services to BAE is expected in the next few days. The vote to sell the rest to Safran is scheduled for February.

Wednesday, December 15, 2010

What a mess: UK, EU, Children and Biometrics

UK gets thumbs down over school fingerprinting (Sydney Morning Herald - Australia)
BRUSSELS: The European Commission has demanded that Britain justify the widespread and routine fingerprinting of children in schools.

It said it had "significant concerns" that the policy breaks European Union privacy laws.
Here's an article that perfectly illustrates what happens when competing bureaucracies, biased or power-maximizing bureaucrats, identity management and (possibly) poor public communication collide. In fact, one seldom encounters such a archetypal example of what is an increasingly infrequent, though once common, treatment of biometrics in the news.

-The competing bureaucracies: The European Union vs. UK Schools
-The biased or power-maximizing bureaucrat: Hank Roberts "A member of the executive of the Association of Teachers and Lecturers"
-Identity Management: Fingerprint biometrics in schools
-Potentially poor public communicator: UK Schools

First, some background.

As outlined here, there are many reasons schools would like to and in fact should be encouraged to tighten up their identity management functions and biometrics can help while increasing privacy and lowering costs.
Schools spend a lot of resources in their Identity Management function: calling roll, assigning grades, managing a medical services office (school nurse), collecting health information on student athletes (physical exams), etc.

We all have an interest in how efficiently an industry that is overwhelmingly funded by tax revenues manages its resources. Schools should therefore be encouraged to adopt more effective means to accomplish the demands society places upon them and they should be commended for innovation within their industry.
To the list above should be added the library's and school lunch functions.

Secondly, not all fingerprint identity management systems are the same.

Some implementations store an image of the fingerprint and some store only the template created by the biometric algorithm. All fingerprint access control systems use a template generated from a person's fingerprint. It is not possible to "reverse engineer" a template into a complete image of the fingerprint that created it. In this limited use case it cannot fairly be said that people are fingerprinted.

Other fingerprint access control systems do store an image of the fingerprint as well as the template generated from it. In this use case, it is accurate to say that fingerprints are on file.

Thankfully, most decision makers that examine the implementation of fingerprint ID management systems in their schools become informed of the difference and since they are, for the most part, normal human beings that care about the welfare of the children under their supervision, they opt for the type of system that does not store fingerprints.

Back to the linked article.

The tension between the EU bureaucracy and institutions confined within member states is obvious and has nothing to do with biometrics, per se.

Biased and uninformed bureaucrats are occasionally addressed here and Mr. Roberts confirms his bias and willingness to paint with an overly broad brush with the following quote:
"I believe the fingerprinting of children is a totally unnecessary infringement of civil liberties," he said. "The legal situation must be looked at. This is being done surreptitiously without parents being told."
Anyone who terms the implementation of a fingerprint biometric system that stores only the template created by the biometric algorithm "fingerprinting" is either confused or or lacks respect for their audience.

"Fingerprinting" conjures up images of prison movies, the "rolled ten" and the loss of personal freedom. The fingerprinting process in the usage above is not undertaken in order to further the interests of the person providing the fingerprints. It is typically undertaken to help protect society from the person behind the fingers and carries with it a social stigma. Biometric alarmists intentionally and wrongly bring all of "fingerprinting's" social baggage and dump it onto fingerprint identity management systems. This approach is wrong-headed and emotionally charged.

One of our mottoes is relevant here: Biometrics, it's about people. Most biometric identity management deployments don't founder on technical challenges, but on social challenges. Foremost among the social challenges is communication. Biometric identity management techniques can save money and enhance privacy in schools (by, for instance, obscuring who receives a need-based subsidized meal) but they can't build consensus among public service providers and stake holders. People have to do that. Adopters of biometric identity management solutions have gotten much better at educating themselves about the technology and explaining the reasons behind their decisions.

It is exceedingly rare that these systems are implemented "surreptitiously without parents being told."

The number of Mr. Roberts's in the world seems either to be declining or they are finding fewer reporters seeking their comment. Reasoned communication is winning the day. This is good for schools, students, taxpayers and the biometrics industry. I'll leave it to others to judge whether or not it's good for unelected bureaucrats or self-appointed advocates.

Library, Pornography, Law Enforcement & Identity Management

The Naperville Public Library: Privacy (Examiner.com - Chicago)
Naperville Police Captain Ray McGury said he felt the law was intended to prevent authorities from spying on citizens [the practice of a police state], not to prevent library staff from assisting police fight crimes committed in libraries. “I asked them, ‘If a child is snatched from this library do I have to get a search warrant to get information on who was here?’ and they said, ‘Based on the state law, yes.’ God forbid that happens.”
This article, exhibiting excellent reporting by Sean O'Connor, presents a great case study of the interactions of citizens, and two types of public servant (police and librarians) within the context of identity management.

The main point of tension is between the library's policy and the police officer's duty. In this case, the identity management process is in some sense a witness to a crime.

Biometrics were never adopted in the Naperville libraries but a healthy debate seems to have taken place surrounding their proposed use.

Those interested in topics such as Society and the Individual, Privacy vs. Anonymity, and Identity Management should find the linked article highly worth reading in its entirety.

Tuesday, December 14, 2010

Miami Herald: Worst performing gadget of the year is Biometric Wallet

The year’s most memorable gadgets (Miami Herald)
The TungstenW biometric wallet. Made of carbon fiber, this hard case wallet only opens with the owner’s fingerprint scan ... unless you drop it, in which case it easily pops right open and breaks. For $600, this theft-prevention wallet is a dud. All the thief needs to do is give it a whack against a table or floor.
I think they're talking about this one. (Tiger Direct)

Mozambique: Biometric Personal Record Card Now in Use

Over thirty Mozambicans now possess a Biometric Personal Record Card (AllAfrica.com)
Maputo — Over thirty Mozambicans now possess a Biometric Personal Record Card, issued at birth with an identification number that they will keep for their entire lives.

The authorities regard this as an important step in implementing the "electronic government" strategy.
As we said yesterday, it's dificult to help citizens in developing countries if no one knows who they are.

Monday, December 13, 2010

UID effects: India sees a surge in bank accounts

Some 80% of people enrolling for biometric IDs want bank accounts (Economic Times, India)
“If we are able to provide every such person with a bank account, financial access will explode in India,” Mr Nilekani said. Considering the pace of enrolments for Aadhaar, there was a very real possibility that the number of bank accounts issued in the next four years will exceed the number of accounts banks have issued since India's independence, he felt.
It's been a while since we checked in with India's UID project. Providing the world's poor with a verifiable identity is key to helping them through both government and market based initiatives.

Prison Using Eye Scanning On Inmates

Technology Given To R.I. Jail At No Cost (WCVB TV Boston)
The Department of Corrections said plans were under way last summer for the technology. The process was sped up after an inmate escaped by posing as another inmate who was up for parole. He was later captured in New York.
This really happens.

Iris biometrics are highly suited to this particular application because even though each transaction is slower, they are more difficult to fake than fingerprint biometrics.

The trade-off in speed isn't really a deal-breaker in a prison environment.

Friday, December 10, 2010

Canada-U. S. security perimeter has been years in the making

The two countries reportedly will establish a Beyond the Border Working Group (Vancouver Sun)
Reports have estimated the extra security has added costs for Canadian manufacturers equivalent to two to three per cent of total trade. It also resulted in an eight-per-cent negative impact on the export of services and an almost 13-per-cent negative impact on the import of travel services.
This seems to be getting a lot more attention in Canada than in the U.S.

Facial Recognition: A Valuable Tool For Law Enforcement

Facial recognition can be a valuable identification tool when fingerprint identification is unavailable or impracticable (ForensicMag.com)
Just like automated fingerprint identification, facial recognition can provide law enforcement agencies with a valuable tool for multiple public safety applications. Whie fingerprints assure higher rates of accuracy than face recognition can, facial recognition provides benefits when fingerprint data does not exist, is not easily shared between agencies, or when multiple independent verification methods are desired. Additional applications include identity verification in the field and intelligence gathering, as well as crime prevention and investigation.
The linked article, written by Eric Hess of MorphoTrak, provides an overview of facial recognition for a law enforcement audience.

New Face-Rec audit for New York Driver's Licenses

Transit Sam (Downtown Express, NYC)
Dear Transit Sam,
My daughter’s driver’s license is coming up for renewal soon. I understand that a new face photo recognition system is now in place. My concern, in addition to privacy and identity theft issues, is where is this information going to be sent or stored or how will the information be used? Do you have any idea who is doing this for DMV?
Contained in the answer to the reader's question is a description of a really cool auditing and verification process that should be adopted everywhere.

Please, read the whole thing; it's short but sweet.

Thursday, December 9, 2010

Oasis Systems sold, taps Colatosti (Viisage) for top roles

Oasis Systems sold, taps Colatosti for top roles (MassHighTech.com)
Colatosti is currently founder, president and CEO of biometric and physical security management firm American Security Ventures, he is perhaps best known as the former president and CEO of Viisage Technology Inc.

3M Completes Acquisition of Cogent Inc.

ST. PAUL, Minn., Dec 01, 2010 (MarketWatch.com)
3M announced today that it has completed its acquisition of Cogent Inc., pursuant to a merger agreement that was approved and adopted by Cogent's stockholders at a special meeting held on Dec. 1, 2010. Under the terms of the merger agreement, Cogent's stockholders are entitled to receive $10.50 per share in cash.
I must have missed this while traveling. Those searching for a stock quote for COGT won't find one.

Australian Visa applications to include biometric data

Australia will attempt to stamp out fraudulent visa applications through the use of biometric data for onshore application (SmartCompany.com.au)
"Around the world identity fraud and fraudulent visa applications are on the rise," he said yesterday. "We need to make sure that Australia's toolbox is world's best practice for dealing with this."

Wednesday, December 8, 2010

Physical access control more popular than logical access control

Majority of organisations using biometrics are leaving logical IT access protection at the door (SecurityPark.co.uk)
According to new research from Siemens IT Solutions and Services, only 18% of organisations with biometric measures currently in place are using them for logical access control – vital to securing IT equipment and data files.

Despite acknowledging the need for greater IT security in a climate of cyber crime and terrorism, biometrics professionals are opting for physical access control to safeguard rooms or buildings. This presents IT security threats to sensitive data within organisations and potential mobile IT security weaknesses.
The huge uptick in the popularity of time-and-attendance access control systems, with their clean and easy calculations of ROI (return on investment) may account for some of this discrepancy.

Biometric ID management techniques do yield significant ROI for logical access control -- passwords don't reset themselves and the people you call get paid -- but it's more difficult to compute and is likely to make itself apparent over the longer term.

Nevada DMV looks at ears, eyes, mouths as well as faces

It's no easy feat to identify a specific Bimbo amid the bevy of bimbos in Las Vegas (Las Vegas Review Journal)
Actually, authorities are unsure whether they have in custody Frank Anthony Bimbo, the name listed on the expired identification card, or whether his documents were fraudulent and he actually is one of 10 other people he claimed to be during DMV visits over the past 13 years.

"Sometimes we can't tell which are the real records, and that's the case this time," DMV spokesman Tom Jacobs said. "At this point, he's muddied the waters with so many IDs, we don't know who he is."
This article combines insight into the nuts and bolts of the identity management challenges of local law enforcement, a discussion of new biometric ID management modalities and a fair dose of humor deriving from the subject's real or assumed name.

You won't regret checking this one out.

Monday, December 6, 2010

Process for Mexicans applying for US Visas to become easier

Because the collection of biometric information will take place at the ASC, applicants who are required to visit both the ASC and the consular section should spend less time at the consular section than they have had to in the past.
It is my understanding that the biometric enrollment part of the application process was simply bolted onto the older process and required a separate fee.

Many on both sides of the border hope the attempt to streamline the process is successful.

Worldwide biometric revenue expected to treble to $14bn by 2015

Governments and institutions alike are increasingly turning to technology (Zawya.com [UAE])
"The growth in the biometric security market is remarkable," said Ahmed Pauwels, Chief Executive Officer of Epoc Messe Frankfurt GmbH, organisers of the Middle East's premier safety and security trade fair and conference, Intersec. "Industry figures estimate that worldwide revenues from the biometric market will treble to $14bn (Dhs51.4bn) by 2015," he added.

Friday, December 3, 2010

Biometrics hits the workplace

Access control at enterprise level has changed dramatically (ITWeb.co.za)
Coetzee also points out that for most companies, payroll is the single largest expense, so this is where the greatest protection is required against threats of fraud, corruption and theft.
As far as biometrics are concerned, 2010 has been the year of access control for time-and-attendance. This thoughtful article provides a glimpse into how enterprising firms can harness the tools at hand to capture information about their business that can provide a bottom-line competitive advantage.

This article also recalls some of the issues discussed in this post.

Thursday, December 2, 2010

Kiosks let travelers skip long passport control lines

Program allows skipping long passport control lines (Houston Chronicle)
Approved members can bypass long immigration and customs lines, scan their own passports at airport kiosks and continue on their way in less than a minute.
We did an unscientific test of this system yesterday.

Returning from a foreign country using the Atlanta airport, Barry, having previously enrolled in the Global Entry system used the kiosk while I used the standard human based passport check.

Lines for both systems were very short.

As it was his first live interaction with the system, it took Barry more than a minute to get through the process. Even with very short lines (perhaps 5 people in front of me), it took me several minutes longer to present my passport and gain entry into the United States.

There were perhaps ten humans checking U.S. passports. There were approximately 5 machines serving Global Entry members.


Thoughts:
Lines for the human passport check are usually much longer. There were a limited number of kiosks.

Scaling up the number of kiosks is easier than scaling up the number of human agents in terms of both implementation time (training vs. installation) and infrastructure adjustments (constructing a cubicle vs. installing an ATM-like machine).

Tuesday, November 30, 2010

Ontario Lottery and Gaming Corporation To Use Facial Scans to Aid Problem Gamblers

OnlineCasinosPro.com
Across Ontario, racetracks and casinos will soon be implementing new facial recognition technology to help problem gamblers stay out of gambling venues. By the end of 2011, all 27 of Ontario’s casinos will be fitted with this new technology.
More biometrics ROI.

Many jurisdictions where gambling has been legalized have required casinos to maintain a list of problem gamblers. People may opt to place themselves on that list. Casinos are required to refuse service to those on the list.

Unfortunately, there is a high potential for abuse within this system. Needless to say, taking a casino's money is never termed a gambling problem by the winner. A registered problem gambler may enter a casino to play the odds. If she wins, she leaves with her winnings. If she loses, the casino shouldn't have served her.

While imperfect, facial recognition technology can detect people enrolled in the problem gambler registry and prevent some of the losses due to the abuse of the problem gambler rolls.

[Ohio] Middle school to get finger scanners

Modern technology utilized at the high school will soon be installed at the middle school as well (TallmadgeExpress.com)
"So far, parents and students have embraced it," Wood said. "It's gone very, very well."
...
DeCapua said the scanners are helpful to faculty and students because the lunch lines move much quicker without tangible dollars and cents exchanging hands, which also promotes sanitation.
It's about people and ROI.

I've read in other places that cafeteria staff and other school officials can spend up to three hours per day addressing the needs of students who have forgotten their paper lunch coupons.

Friday, November 26, 2010

College lecturers say no to thumb rule

They complain that biometrics system of attendance does not allow flexible timings (BangaloreMirror.com)
When BU officials insisted, a senior lecturer said, “Why is BU insisting on thumb impressions? Don’t you people have any faith in us? We are not slaves and, hence, we are not ready for this.”
This has far more to do with organizational policy than biometrics per se, but it's a slow news day in the biometrics world.

Thursday, November 25, 2010

Ports, Security and Biometrics

U.S. maritime port security being neglected (PressOfAtlanticCity.com)
Aaron Ellis, spokesman for the American Association of Port Authorities, said TWIC cards are “far superior” to what was used in the past and are issued after significant background checks and are “very difficult” to duplicate and forge.

However, TWIC cards are little more than “flash cards” without the electronic readers, he said. Some port authorities are taking the financial risk of developing their own electronic card-reading system to improve security, he said.
With all the attention being paid to airline security, it's easy to overlook seaport infrastructure.

This article broaches two issues that are of particular interest to suppliers and consumers of biometric identity management systems: regulatory risk and interoperability.

Ports are fortunate that they haven't had a one-size-fits-all solution forced upon them, because the political process has a poor track record at devising systems that appropriately balance security and commercial interests (see the TSA's airport security regulations). The TWIC (Transportation Worker Identification Credential) system regulates the ID card to be used at ports and the process for obtaining one but it does not mandate how the individual ports use it. This offers ports the opportunity to adopt the security protocols that best match their individual circumstances.

This, however, puts the onus on ports to adopt the security protocols that best match their individual circumstances which presents challenges of its own.

As with many organizations, Ports can recognize a significant ROI (Return on Investment) by integrating biometric identity management techniques into their business processes, but calculating ROI involves weighing the cost and benefits of a decision over time.

If a port does everything perfectly, implementing a biometric identity management system that accomplishes the task of getting people into the facilities with dramatically reduced time and labor costs, risks remain that will alter the ROI calculation. Regulations might be enacted that impose other costs (regulatory risk), or other ports may adopt a different system that is incompatible with the system they use (interoperability risk).

Regulatory risk and interoperability risk are real, but technologies do exist that can help firms ameliorate these risks. SecurLinx has developed technology (middleware) that address both of these risks. Our middleware enables scalable and modular biometric deployments that facilitate integration with all major biometric service providers.

With SecurLinx technology, a firm that invests in a biometric identity management system and then opts to integrate that system with another system can do so cheaply and effectively. Moreover an organization that finds success with one type of biometric system (ex. fingerprint time-and-attendance) can integrate another type of system (ex. face-recognition) without starting from scratch or being forced to run two parallel and incompatible IT systems.

Biometrics should deliver maximum ROI. We can help.

Wednesday, November 24, 2010

Report finds biometrics ‘fallible’, but SIA disagrees

In the security world, biometrics are accepted as a viable solution for authorization and identification (SecuritySystemsNews.com)
This is not new information, said Mark Visbal, director of research and technology for Security Industry Association. “There’s nothing that’s definite in security. There are always going to be problems and loopholes with any security system you use,” he said. That’s why it’s so critical for security professionals to maintain a layered approach to securing assets.
Related thoughts:
National Research Council: Biometrics 'Inherently Fallible'
Pushback on the National Research Council (NRC) Report

Tuesday, November 23, 2010

Thank You, DHS & TSA

Around here, we frequently ask the question: Compared to what?

Usually, we use this question to address the fact that many people expect biometric identification systems to be perfect when they don't hold anything else in the security realm to that standard.

Judging by the recent news surrounding the TSA's enhanced interrogation techniques, it makes sense to apply the same question to the degree to which biometrics invade privacy.

The Dept. of Homeland Security and the Transportation Safety Admin. have probably done more in the last two weeks to increase public acceptance of biometrics than anything we've seen before. A search of today's Bing News site using the terms "biometric airport" is extremely revealing.

Monday, November 22, 2010

More on Pilot ID's

FAA to require photos on pilot's licenses but not biometric identifiers (NextGov.com)
The Federal Aviation Administration has proposed that all pilot certificates include a photo of the licensee, but one lawmaker wants to know why the passport-size cards will not include biometric identification five years after Congress passed a law requiring such unique identifiers.
Rep. John Mica, (R-Fla) isn't the only one who will be curious as to why the FAA has so far refused to adopt biometric ID management techniques even though the Congress has mandated them and the pilots' unions are lobbying for them.

To be as fair as possible, the photo on an ID is a biometric even if a human rather than a computer is used to process it.

For additional information on the subject, please see this post.

Thursday, November 18, 2010

UPDATE: Pilot's Licenses don't have photos?

UPDATE: TSA, Pilots Weigh Biometric System for Airport Screening (NationalJournal.com)
Pilots who fly passenger and cargo planes want the U.S. government to implement a program under which their identities will be confirmed using biometrics so they can pass quickly through airport security checkpoints and avoid -- for the most part -- controversial screening procedures involving body scanners or pat-downs.
The recent controversy over airport screenings has had at least one positive effect. All of a sudden, pilots are embracing biometrics as an identity management technique that is far less intrusive into privacy and conducive to security than many alternatives.

--Original October 21, 2010 post follows--
Today, the only pilots pictured on FAA licenses are flight pioneers Wilbur and Orville Wright (MSNBC.com)
In an attempt to improve security, Congress told the Federal Aviation Administration in 2004 to come up with a pilot's license that included the pilot's photo and could contain biometric information like fingerprints or iris scans. Today, the only pilots pictured on FAA licenses are flight pioneers Wilbur and Orville Wright, and the licenses lack biometric data.

This is astounding, especially when read together with this, via Drudge: Pilot Refuses Full-Body Scan, Says TSA Doesn’t Make Travel Safer (NewYork.CBSLocal.com)

Then there's this from two days after 9/11: Police investigating theft of American Airlines uniforms, key card (CNN.com)

There's always a risk that changes in security measures will be resisted or skirted by those falling under the new rules. That's why it's always a good idea to consult with the people the new measures will affect when implementing or changing a security plan. These are the people that can make or break your efforts to achieve your security goals.

A common refrain around here is that security, biometrics and ID management are all about people.

The civilian air travel bureaucracy really has people problems everywhere they turn. Their customers/stakeholders don't like them and their employees don't like them, either. Skipping obvious, low tech solutions like photo ID's for pilots while instituting intrusive, annoying, expensive and time consuming solutions falling on everyone seems calculated to communicate the appearance of security over substantially increasing the safety and, hence, value proposition that government agencies offer their stakeholders and airlines offer their customers.

Wednesday, November 17, 2010

Montgomery recreation department moves ahead with finger vein scanners

Biometric technology to be piloted in three centers in January (Gazette.net)
The move is expected to save the county $50,000 annually in the materials cost of the plastic cards and printers, Riley said.
More positive return on investment (ROI) for our communities.

Tuesday, November 16, 2010

NYPD Commences Use Of Iris Scans Of Suspects

Department Spending $24,000 Per Unit; Will Have 21 Around City (Reuters.com via Drudge)
The NYPD says the images will be used to help avoid cases of mistaken identity. The process takes about five seconds. Every suspect will be scanned again using a handheld device shortly before they are arraigned to make sure the irises match.
The iris is establishing itself as the biometric of choice for identifying compliant subjects, especially in jails.

Monday, November 15, 2010

Privacy vs. Anonymity

Falling costs and error rates (TheRegister.co.uk)
The state of the art can be illustrated by some of the examples given by the US National Institute for Standards and Technology (NIST) in their presentation on testing biometrics.

* A “1 in 1.6m” (that is, looking for one photo in a database of 1.6m photos) search on a 16-core 192Gb blade (about £25,000 worth of machine) takes less than one second (and the speed of such a search continues to improve). So if you have a database of a million people, and you’re checking a picture against that database, you can do it in less than second.

* The false non-match rate (in other words, what proportion of searches return the wrong picture) best performance is accelerating: in 2002 it was 20 per cent, by 2006 it was 3 per cent and by 2010 it had fallen to 0.3 per cent. This is an order of magnitude fall every four years and there’s no reason to suspect that it will not continue.

* The results seem to degrade by the log of population size (so that a 10 times bigger database delivers only twice the miss rate). Rather fascinatingly, no one seems to know why, but I imagine it must be some inherent property of the algorithms used.
The linked article is an opinion piece by David GW Birch, a smart man and (unashamed) Ramones fan. The piece is very interesting and I encourage people to read the whole thing.

A common refrain around here is: Identity management is about people, and Mr. Burch seems to get this, too. Towards the end of the piece, however, he seems to conflate privacy with anonymity.

Privacy in public is something we all take for granted. It is not difficult to assert an assumption of privacy covering observable public acts. If those acts are, however, assembled together by someone else and communicated to a third party, privacy can be greatly undermined.* The difference between having a private detective following you and not having one follow you makes for a useful illustration. Violation of public privacy has simply been a matter of resources and efficiency for the entirety of human history. Granted, modern technology stands to make undermining public privacy cheaper.

Anonymity in public is something different, and has probably only existed since the advent of rapid transit and the modern megalopolis -- and it's not necessarily a good thing.

We're all used to hearing about a "right to privacy" however overused the phrase may be. But it's unusual to hear someone posit a blanket, public right to anonymity, though in certain circumstances one undoubtedly exists: Political speech against oppressive regimes or religious confession, for example.

Mr. Burch subtly transitions to "online" anonymity when he begins the discussion of anonymity, but it's unclear how biometrics in general or facial recognition in particular stand to undermine online anonymity. Google's doing yeoman's work in this regard already.

Utilitarian thoughts:
It is possible that we value public privacy because it improves interpersonal relations among strangers.

Is it reasonable to view public anonymity with more skepticism because the opposite may be the case?

*UPDATE: The preceding two sentences were edited for clarity.

Friday, November 12, 2010

Cyprus: Biometric passports here at last

The long-awaited biometric passports will be available in Cyprus by the end of the month (Cyprus-Mail.com)
Cyprus has until now, been kept out of the US visa waiver programme because the island’s passports were not biometric. It now remains to be seen how long it will take for the US to give the green light for visa-free travel to the States by Cypriots.

Thursday, November 11, 2010

OmniPerception defends accuracy of biometric technology

More push-back on the NRC report (PRFire.co.uk)
The point is to design in the probabilistic nature of the technology. Make sure you know how to cope when people cant enrol. Make sure you understand the impact on your system if someone fails to be correctly recognised and then you never know, the solution might be as simple as even putting a microphone or camera next to the reader.

It's about people and ROI, not infallibility.

Wednesday, November 10, 2010

Eye movements as biometric identifiers?

For Your Eyes Only (TechnologyReview.com)
The way you view the world is unique, so why not use it to identify you?

A company in Israel has developed a security system that does just this--exploiting a person's unique pattern of eye movements to identify them. Most biometric security systems measure physical features that are constant, such as fingerprints or iris patterns. An eye-tracking system has the potential to be harder to fool and easier use, its creators say.
My first thought was to compare this to using a handwritten signature as a biometric. The biometric consists of the unique way in which someone moves a part of their body.

This would seem to be analogous to handwriting analysis because the way the system induces a subject's eye movements (by visually tracking a moving icon) isn't the same in each verification, the way your signature is meant to be (approximately) the same each time you sign something.

Report Forecasts the Global Biometric Market To Grow At A CAGR of Around 22% between 2011 and 2013

PRInside.com Press Release
Purchase from Research and Markets
At the regional level, North America dominates the global biometric market and is expected to account for a market share of over 30% in 2010. The Asian, Middle East and Africa region are also expected to emerge as growing markets for biometrics by 2013. In fact, the Gulf and African countries have already taken several initiatives and started various biometric programs.

Tuesday, November 9, 2010

California University Campus Reports 300% Return On Investment After First Year Of Using Biometric Technology

300% Return On Investment After First Year (PR-Inside.com)
LAS VEGAS --(November 8, 2010) – Cal Poly Pomona Foundation, Inc. reported today that it has realized a 300% return on investment in biometric technology during the first year of deployment. It has implemented M2SYS Technology’s biometric fingerprint technology with its Kronos time and attendance software, enabling employees to use fingerprint readers to clock in and clock out at the beginning and end of shifts and lunch breaks.
A common theme around here has been making the case that biometric implementations are too frequently expected to provide perfect identification regimes, rather than improving upon real-world results while saving money. What makes adoption of biometric identity management techniques worthwhile isn't perfection, it is return on investment ROI.

Congratulations to all involved.

Other posts touching upon ROI

Monday, November 8, 2010

Queensland biometric driver licence rollout begins

The rollout follows successful trials by the Queensland Government (ComputerWorld.com.au)
A biometric driver licence system has been unveiled in Toowoomba as the Queensland Government begins replacing old licences to combat identity fraud.
...
Transport Minister, Rachel Nolan, said the move was significant, describing the new system as "the most secure driver licence system in the country".

New Zealand police won right to capture biometric information outside the police station environment

Police ponder portable computers (Stuff.co.nz)
Police won the right to capture biometric information, such as fingerprints, of people they intended to charge outside the police station environment in the Policing Act – passed by the former Labour government in 2008.

The devices, which spokeswoman Claire Harman said were "very much at the concept stage", would replace computers installed in a small number of police cars that will become redundant in 2012 when Telecom switches off its CDMA mobile network.

Ms Harman said police were looking at handheld, in-car portable and fixed in-car options. "Neither fingerprinting, nor photographing would be deployed as part of the initial rollout."
These days, hand-held computer technology often far outstrips the capabilities of police Mobile Data Terminals (MDT's, in-car computers), at a fraction of the cost.

As a practical and evidentiary matter, it would seem capturing biometric information such as mugshots and fingerprints in a controlled environment will be preferred by law enforcement agencies in the vast majority of instances.

Friday, November 5, 2010

Govt tells officials to stay off porn sites

HindustanTimes.com
A government official, however, indicated that it wasn’t “the most realistic set of guidelines”.
OK. That was a little bit out of context but I couldn't resist.

Germany's e-ID Cards Spark Privacy Debate

MaximumPC.com
The problem many Germans have is that the e-ID cards simply store too much personal information, including date of birth, place of birth, address, biometric photo, and voluntary fingerprints. It's basically a digital goldmine for data thieves. Or Big Brother.

Thursday, November 4, 2010

News Round-up: Border Controls

Today's Biometrics news is all about border control:

State Dept's Amin presses for expanded use of biometrics
(Federal News Radio) Streaming Audio and MP3 download at the link
In order to better protect the nation's security, one of the State Department's top IT officials says Americans need better biometrics in the visa and passport process.
EU seeks to strengthen rules on border patrols (EuropeanVoice.com)
The European Union is considering setting up a reserve of border guards to respond to surges in illegal migration such as that experienced in recent months in Greece.
Skipping the Line at Customs (Wall Street Journal)
International frequent fliers are hailing a program called Global Entry, a "trusted traveler" program run by U.S. Customs and Border Protection.

Wednesday, November 3, 2010

L-1 Identity Solutions Reports Third Quarter 2010 Financial Results

L-1 Expects Sale of L-1 Intelligence Services in Q4 2010 and Acquisition of L-1 by Safran SA in Q1 2011 (BusinessWire.com)
L-1 expects revenue for the full-year ending December 31, 2010 of $685.0 million - $690.0 million, revised from $715.0 million - $725.0 million due to the delay in commencing recently booked biometric and credentialing international programs, coupled with multiple Federal credentialing opportunities sliding into 2011 and a postponement of HIIDE and PIER sales to government customers (see footnote 1).

Tuesday, November 2, 2010

Honest! Abe Lincoln's earliest photo finally 'confirmed'

Facial-recognition software examines daguerreotype bought for $27 (World Net Daily)
Facial recognition expert Robert Schmitt has produced a video in which he analyzes a daguerreotype that may be the earliest photographic image taken of Abraham Lincoln against well-known images of the 16th president.

The daguerreotype, identified only as a "Portrait of a Young Man," was obtained in 1977 by collector Albert Kaplan, who purchased the image for $27 from among a group of 100 being sold by an art gallery on 57th Street in New York City.
The exercise described in the article is very different than the type of identification we usually discuss here, but it is fascinating nonetheless. Video and many more photos at the link.

Delaware Newspaper Endorses...

...Fingerprint Biometrics in Schools! Well, sort of...
Schools should consider usefulness of fingerprinting (Delaware Wave)
In an era of computer hacking -- the ultimate in human technological malfeasance -- that's no privacy assurance.

Human ingenuity will eventually take care of that problem.

For now, Delaware schools should consider the usefulness of this technology.
On this election day, the most interesting endorsement I found in the morning news wasn't for a political candidate. Rather, it was for keeping an open mind on biometrics in schools.

Monday, November 1, 2010

Biometrics & Elections

It's election season in many places around the world. Two elections, in particular, have gotten attention for their adoption of biometric identity management techniques.

Brazil elects Dilma
(CNN.com)
In 60 Brazilian cities, voters used their thumbs instead of ballots on a newly launched biometric system, where voters scan their fingers to log in and vote.
Brazil and Cote d'Ivoire have very different reasons for their decisions. In Brazil, voting is compulsory, so practically every adult cast a vote. Anything that increases the efficiency of the voting process is likely to pay dividends at such high turnout rates. An earlier post about the Brazilian elections is here.

Ivory Coast election a crucial crossroads (Forbes.com)
Cote d'Ivoire has a very different set of challenges.
"Ivorians want to have peaceful elections. People are tired," said journalist and political analyst Abdoulaye Sangare. But if any party fails to accept the outcome, "there could be violence. And if there is, nobody can say where it might stop."

From Travel.State.gov:
Cote d'Ivoire has been a divided country since a 2002 failed coup attempt evolved into an armed rebellion that split the country in two. Ivorian President Laurent Gbagbo and New Forces leader Guillaume Soro signed the Ouagadougou Political Agreement (OPA) in March 2007, and a new government was formed with Soro as Prime Minister (PM). Implementation of the accord, including federal elections, is ongoing, but long-awaited elections have been postponed repeatedly.
In such a fragile country, the integrity of the vote is of paramount importance. It's not too much of a stretch to assert that thousands of lives are at stake, depending upon a clean election to maintain peace.

Friday, October 29, 2010

Finger-ID technology comes to Erie High

Finger-ID technology comes to Erie High; critics worry about data security (Daily Camera [Colorado])

Fingerprint biometrics streamline the school lunch process and the kids love it.

The quote from the ACLU spokesman really got my attention.
Judd Golden, chairman of the Boulder County chapter of the American Civil Liberties Union, said the whole question of safeguards in the technology is critical.

"Parents ask, 'Who's got my child's data?'" he said. "Do they have safeguards against possible misuse of that data? It's collecting discreet, personal identifying information, and that data is not necessarily under the control of the district but a third-party vendor."
Rather than knee-jerk reactions, these are exactly the kinds of questions concerned citizens should be asking. Kudos to Mr. Golden.

One more observation:
Despite the obligatory addition of "critics worry about data security" to the headline, no critics are actually quoted in the article. Perhaps the author was referring to the several parents who were upset that the school acted without a proper give-and-take with the public. If that's the kind of critics that adopters of biometric identity management techniques are up against, then that's a situation that can be managed around a civil, rational dialogue.

Thursday, October 28, 2010

Sheriff's department to demo new eye scanners

Boone County Sheriff’s Department is showing off the new iris scanners that are available to deputies and the Boone County Jail (ColumbiaTribune.com)

Iris biometrics are being rapidly adopted by jails.

To understand why, it is useful to have a working knowledge of the framework outlined in:

NATIONAL BIOMETRIC TEST CENTER COLLECTED WORKS 1997-2000 (1.8MB PDF), specifically Chapter 1, section II 'Classifying Applications' (page 13 in your PDF reader, page 3 according to the document's internal numbering).

The categories are:
Cooperative v. Non-cooperative
Overt v. Covert
Habituated v. Non-habituated
Attended v. Non-attended
Standard Environment
Public v. Private
Open v. Closed

Some of these distinctions refer to the individual to be identified while some refer to the technology.

Nowhere have I found a more understandable and concise elucidation of how to understand biometrics in particular and security in general.

Nigerian Ghost Busters

Who you gonna call? Biometrics! (AllAfrica.com)
Lagos — Imo State government has uncovered 184 ghost primary school teachers in the state following a recent biometric staff audit.

This was disclosed to the Governor Ikedi Ohakim by Mr. Dan Okehi of Brickred Consult, at the Executive Council Chambers, Government House, Owerri where he submitted the audit report

Mr. Okehi said that out of the 15,860 teachers that filled the biometric form, only 14,363 were found to be authentic staff of the state Universal Basic Education Board, while 194 were non existence, yet taking salaries.

A ghost worker is a worker that collects a salary and/or benefits, usually from a government entity, while doing no actual work. A ghost worker may or may not be a real person, but the money they make is real and it accrues to a corrupt official.

The old Gummi Bear trick

Sweet bypass for student finger scanner (ZDNet.com)
But a litany of fingerprint scanners have fallen victim to bypass methods, many of which are explained publicly in detail on the internet. The hacks could potentially be used by students to make replicas of their own fingerprints, or lift those of others from imprints left on the reader.
Imperfect is not the same thing as impractical.

Schools spend a lot of resources in their Identity Management function: calling roll, assigning grades, managing a medical services office (school nurse), collecting health information on student athletes (physical exams), etc. Moreover, in the United States, this challenge occurs in a very strict legal environment (see FERPA).

We all have an interest in how efficiently an industry that is overwhelmingly funded by tax revenues manages its resources. Schools should therefore be encouraged to adopt more effective means to accomplish the demands society places upon them and they should be commended for innovation within their industry.

This article is about using fingerprint readers to measure time-and-attendance in schools. This function is usually carried out by human teachers, reading names from a piece of paper and making notes on a piece of paper. Because human beings are simply the best things in the world at identity management among people they know, this system works really well. But at what cost?

Is reading the names of people from a list really the best use of a highly trained, educated, and professional human resource? Are the constraints this system places upon class size worth it? What metrics would a rival system need to show in order to make switching systems worth the effort and cost? Sadly, questions like these are rarely, if ever, asked in articles like these.

There's also a social angle to this issue. The educational system is wonderful and necessary, not just for filling young minds with humanity's accumulated knowledge, but also for providing a social environment larger and more complex than the nuclear family but far more protected than the larger world. Much of the usefulness of this social environment lies in its ability to communicate to students the boundaries of acceptable behavior in preparation for their full participation in society as adults.

Of course, during this social education, society's rules are sometimes more honor'd in the breach than the observance (see "Ferris Bueller's Day Off", "Animal House", etc.) and that's fine, too, but it's also why this part of the educational process is so important. "Senior Skip Day" or senior class practical jokes are OK. Cheating on exams, not so much.

Which brings us back to the linked article with the sub-headline:
A NSW high school has installed "secure" fingerprint scanners for roll call, which savvy kids may be able to circumvent with sweets from their lunch box.

The scare quotes around "secure" invite the familiar (around here) refrain: "Compared to what?" Deeming young identity thieves "savvy kids" implies that the author believes that a technology's inability to overcome failures of educational will is a technological, rather than an organizational shortcoming. In the real world, identity theft and fraud can get you thrown in jail. Educators don't call those who cheat on exams, skip school and forge notes from parents "savvy kids". Why would they do so when the issue is identity theft? They wouldn't.

In answer to the "Compared to what?" question, I'd place fingerprint biometrics between full-time teachers and substitute teachers in terms of identity management effectiveness at a fraction of the cost.

Adopting technology to alleviate a bureaucratic problem often makes sense, but this issue is totally separate from a student's social education. If educators are unwilling to monitor for- and punish the hacking of time-and-attendance systems through identity theft among their students, the "technology" won't work. If they treat use of the system in the same way they treat other student responsibilities, it will.

Thankfully, educators have a very different sense of their responsibilities than does this article's author.

Monday, October 25, 2010

3M Extends Subsequent Offering Period for Shares of Cogent, Inc.

The expiration date of the subsequent offering period has been extended to 5:00 PM, October 26, 2010 (Finance.Yahoo.com)
If, following expiration of the subsequent offering period, Ventura Acquisition Corporation owns more than approximately 66.5 million Cogent shares, 3M intends to exercise the option, under the terms of the previously announced merger agreement, to purchase directly from Cogent a number of additional shares sufficient to give Ventura Acquisition Corporation ownership of one share more than 90% of Cogent’s outstanding common stock. This would permit Ventura Acquisition Corporation to complete a short-form merger with Cogent under Delaware law without the need for a meeting of Cogent’s shareholders.
Ventura Acquisition Corporation is wholly owned by 3M.

Queensland, Australia to adopt biometric driver's license

QLD biometric licenses to go ahead (ComputerWorld.com.au)
The new licence features an embedded chip with personal information, security PIN and shared secrets, and also utilises 16 point facial recognition technology. When drivers renew or apply for the new licence, a digital photograph will be taken and centrally stored. Each subsequent renewal of the licence will reference the image and using the facial recognition technology to ensure the driver is who they claim to be.
For information on what was driving the changes see this article from the same source.

Friday, October 22, 2010

Biometrics to be required of certain UK visa renewal applicants?

Biometric permits on the cards for Tier 1 and Tier 5 UK Visa applicants (VisaBureau.com)

If Parliament adopts the proposed new rules...
If you make your application to extend your stay in the UK by post, the Border Agency will send you a letter after receiving your application. The letter will tell you how to book an appointment to enrol your biometric information at one of the biometric enrolment centres.

Thursday, October 21, 2010

UPDATE: Pilot's Licenses don't have photos?

UPDATE: TSA, Pilots Weigh Biometric System for Airport Screening (NationalJournal.com)
Pilots who fly passenger and cargo planes want the U.S. government to implement a program under which their identities will be confirmed using biometrics so they can pass quickly through airport security checkpoints and avoid -- for the most part -- controversial screening procedures involving body scanners or pat-downs.
The recent controversy over airport screenings has had at least one positive effect. All of a sudden, pilots are embracing biometrics as an identity management technique that is far less intrusive into privacy and conducive to security than many alternatives.

--Original post follows--
Today, the only pilots pictured on FAA licenses are flight pioneers Wilbur and Orville Wright (MSNBC.com)
In an attempt to improve security, Congress told the Federal Aviation Administration in 2004 to come up with a pilot's license that included the pilot's photo and could contain biometric information like fingerprints or iris scans. Today, the only pilots pictured on FAA licenses are flight pioneers Wilbur and Orville Wright, and the licenses lack biometric data.

This is astounding, especially when read together with this, via Drudge: Pilot Refuses Full-Body Scan, Says TSA Doesn’t Make Travel Safer (NewYork.CBSLocal.com)

Then there's this from two days after 9/11: Police investigating theft of American Airlines uniforms, key card (CNN.com)

There's always a risk that changes in security measures will be resisted or skirted by those falling under the new rules. That's why it's always a good idea to consult with the people the new measures will affect when implementing or changing a security plan. These are the people that can make or break your efforts to achieve your security goals.

A common refrain around here is that security, biometrics and ID management are all about people.

The civilian air travel bureaucracy really has people problems everywhere they turn. Their customers/stakeholders don't like them and their employees don't like them, either. Skipping obvious, low tech solutions like photo ID's for pilots while instituting intrusive, annoying, expensive and time consuming solutions falling on everyone seems calculated to communicate the appearance of security over substantially increasing the safety and, hence, value proposition that government agencies offer their stakeholders and airlines offer their customers.

US Gov, Northrop Grumman test emergency ID interoperability system

The demonstration, dubbed "Autumn Blend," showed the use of standardized personal identity credentials operating across multiple domains (MSNBC.com, giant font alert)
One of the scenarios of the Autumn Blend demonstration simulated a collaborative incident at Northrop Grumman's Shipbuilding facility in Newport News, Va. As first responders from the city, Commonwealth and federal government convened on the site, their individual personal identity credentials were presented and read electronically at various authentication points for physical and logical access to the demonstration. These credentials included the U.S. Department of Defense Common Access Card, First Responder Authentication Credential, Personal Identity Verification and Personal Identity Verification-Interoperable credentials.

This is really cool. There are hundreds of forms of ID out there. Take one rush hour ride on the DC Metro and you'd be amazed at how many different ID's you'll see dangling from the riders' clothes and accessories.

Developing a system that can translate among various forms of ID in an emergency has obvious benefits.

Wednesday, October 20, 2010

Fingerprint biometrics among safest identity protection tools

How do you protect your identity? It takes more than just passwords (FederalNewsRadio.com)
Streaming Audio & MP3 download at the link

Following on the Unisys survey we mentioned here comes this:
Bryan Ichikawa, vice president of identity solutions at Unisys, joined the DorobekINSIDER to discuss the most secure way to protect your identity.

Tuesday, October 19, 2010

Desert Sands, CA may test biometric school bus rider tracking

Students participating in the test would swipe a finger across a scanner on the bus every time they board and exit.

An alarm would trigger if a student tried to get on or off at the wrong stop.

“It's definitely a wonderful safety component,” Superintendent Sharon McGehee said.

In 2007, three first-graders from Desert Sands were mistakenly dropped off at the wrong location early in the school year and rescued by neighbors.
I think a lot of people would be surprised to learn just how challenging a school's identity management environment really is.

First, school is compulsory; most parents really don't have much of a choice about whether or not to send their child to school. The compulsory nature of school attendance places an extraordinary burden on schools to ensure student safety. The added fact that children are legally recognized to be unable to take responsibility for themselves necessarily increases the responsibility schools have regarding child safety.

Given these responsibilities, can anyone be surprised that schools are among the vanguard of biometric solution adoption? It would be strange if they weren't.

Monday, October 18, 2010

Citibank to roll out voice biometrics


Funny CEO image of the day...
"I personally registered and then tried to beat it. I spoke in a girl's voice. I muffled my voice ... I pretended I had a cold. It got it right," he said.

Friday, October 15, 2010

Army Takes Hands-On Approach to Biometrics Sharing

Formerly known as the Biometrics Task Force, the Biometrics Identity Management Agency in March became a full-fledged U.S. Army agency with a departmentwide mission. Swan foresees a time when biometrics data will be used to identify friendly or enemy troops wounded on the battlefield, to ensure soldiers and their families receive authorized health care, and to identify displaced persons or track those who have received emergency rations following natural disasters:

Thursday, October 14, 2010

Unisys Poll: 63% of credit card users would prefer fingerprint

[Almost] Two-Thirds of Consumers Prefer Credit Card Verification by Fingerprint (EarthTimes.org; UPDATE: broken link removed)
Responding to the question, "Which do you believe is the safest method to prove your credit card is being used by you?" the online poll found that 63 percent of more than 300 respondents preferred fingerprints as the best method for identity verification and authentication as compared to photo identification (20 percent), PIN numbers (13 percent) and handwritten signatures (six percent).

This poll gets at the "compared to what?" question we frequently ask here. It explicitly asks respondents to compare a biometric modality to what techniques/technologies are currently in use and, unsurprisingly, consumers find the status quo wanting.

I also think it's worth noting that the second-preferred choice, Photo ID (20%), is also a biometric. The photo on the ID is the database image and the customer's face is the probe image. The biometric matching algorithm is within the brain of the person making the comparison.

So, 83% of those surveyed believe biometrics serve their information security better than PIN's and signatures.

Wednesday, October 13, 2010

Biometrics: Humans as Keys

The Future of Biometrics by research consultancy Acuity Market Intelligence (ElectronicsNews.com.au)

Here's a good summary of a recent industry report on some challenges and opportunities in the ID management sphere.
Any remaining problems with biometrics will no doubt be ironed out with time, as new technological developments emerge, and standards are developed for the technology However, the industry is more interested in the bigger picture, integrating biometrics into existing and new applications, not so much as a standalone one-size-fits-all security technology, but as enhanced solutions to existing and new challenges.

Tuesday, October 12, 2010

Ears provide new way of identifying people

"With biometrics, a lot of the problems is what happens when people get old. With facial recognition, the systems are often confused by crows feet and other signs of ageing. Your ears, however, age very gracefully. They grow proportionally larger and your lobe gets a bit more elongated, but otherwise your ears are fully formed from birth."

Ears have been in the biometrics news a lot the last few days.

Pros:
-Facial recognition accuracy is degraded as the pose angle diverges from a full frontal view. As pose angles get bigger, an ear will come into view. Tying an ear-recognition system to a face recognition system could make more identifications possible, especially with a non-participating subject.

Cons:
-Ears aren't really that stable. They grow throughout life, as the quote above addresses.
-As high school wrestlers can attest, ears are easily deformed by trauma.
-Hair obscures significant portions of the ear in a significant percentage of the population.

That's not to say that they aren't or won't be useful.

As a wise man once said: "Biometric X is a great biometric, if it's the only one you have."

There are bound to be applications where the ear is the only anatomical identifier at hand and for those applications ear-recognition algorithms will be useful.

Friday, October 8, 2010

Thursday, October 7, 2010

Giving identity to Delhi’s homeless

HindustanTimes.com
For Abida Begum (20), a homeless woman who makes Rs 100 a day washing clothes in the untidy sprawl of Delhi's Nizamuddin Basti, India's Unique Identity (UID) project will, hopefully, stop constant police probing and harassment.
...
“I am told that I can open a bank account with the card (number) given. We were unable to open one, all this time, because I could not give proof of address or who I am,” said Ibrahim, who's been living in the Capital for more than 10 years.
Can you imagine an existence where you couldn't identify yourself to anyone who didn't know you already?

This post mirrors these two dealing with Afghanistan.
Biometrics: Giving Afghans an identity
Biometrics: Giving Afghans an identity UPDATE

Wednesday, October 6, 2010

Busted: Woman, 81, jailed in vote-fraud case

Woman, 81, jailed in vote-fraud case (MySanAntonio.com, via Drudge)
Bexar County deputies Monday night arrested a woman accused of using her long-dead sister's identity to vote twice in the 2008 general election.
...
The Texas Department of Public Safety's image verification system matched the photo on Comparin's driver license to the one on the “Collins” license, according to the affidavit.

Brazilian election biometrics have 93.5% success rate

(News.Xinhuanet.com)
The website of the Diario Catarinense, from Port Alegre, the state capital of Rio Grande Do Sul, said that 742 biometric machines had been installed in the city, and only three removed from service due to problems, or around 0.4 percent. An official at the TSE said the machines should be rolled out to the whole nation in 2014.

Among English language media outlets, this topic seems to have generated interest in the Chinese press and not elsewhere.

I tried without success to chase down the Porto Alegre article for any Portuguese speakers out there. If any readers happen across it, I'll certainly post a link.

UPDATE:
This may be the article referenced by Xinhua:
Eleitores do município de Canoas (RS) aprovam urna biométrica

Nely Menetrier, 84 anos, também se mostrou satisfeita com a urna biométrica.

– Gostei da nova urna, foi fácil e rápido.
Translation:
84 year-old Nely Menetrier also expressed satisfaction with the biometric ballot box. "I liked the new ballot box; it was easy and fast."

Voting is compulsory in Brazil so technologies that make the process more manageable will have a large impact. It wouldn't shock me if more votes are cast in Brazil than any other country.

Did their voices betray them?

Did their voices betray them? The discovery of an alleged terror plot against Europe owes at least some of its success to "voiceprint" technology that allows law enforcement to electronically match a voice to its owner.

The technique – which some compare to fingerprinting – can be a powerful anti-terror tool, officials increasingly believe. Law enforcement agencies are already considering how a voice database could help thwart future plots.