Friday, May 28, 2010

The Politics of Biometrics: A Shibboleth

Telegraph.co.uk - Children, 4, 'to be fingerprinted to borrow school books from library'

Anyone who terms the implementation of a fingerprint biometric system as described in this article as designed to help libraries serve their customers more efficiently "the fingerprinting of children" is either confused or or lacks respect for their audience.

"Fingerprinting" conjures up images of prison movies, the "rolled ten" and the loss of personal freedom. The fingerprinting process in the usage above is not undertaken in order to further the interests of the person providing the fingerprints. It is typically undertaken to help protect society from the person behind the fingers and carries with it a social stigma. Biometric alarmists intentionally and wrongly bring all of "fingerprinting's" social baggage and dump it onto fingerprint identity management systems.

Besides being misleading, the use of the term "fingerprinting" isn't technically accurate in this case, either. As with the fingerprints we all leave everywhere everyday, the only fingerprint that exists in the system described in the article will reside on the surface of the sensor and only until the next person uses it. According to Lesley Isherwood, the school headmaster, neither the fingerprint nor the image of the fingerprint is stored in a database.

What happens is this: A person places their finger on a sensor. The sensor reads the fingerprint and software turns the fingerprint into a unique number. For the software to work, the same finger has to be converted into the same number every time. It's the numbers that are stored, not images of the fingerprint.

This approach makes sense for a lot of reasons. First and foremost you can't lose data you don't have and no school administrator (risk averse lot that they rightfully are) wants to explain how they lost a bunch of kids' biometric information. Also, in a software environment, numbers are easier to work with than images. Moreover, most adults are rightfully protective of the innocence of children and are pretty conservative when making choices on their behalf.

Of course, an article with the headline: Children, 4, 'to be fingerprinted to borrow school books from library' is bound to have some choice quotes from a Biometric Alarmist:
“This is quite clearly appalling,” said Phil Booth, national coordinator of NO2ID, a privacy campaign group.
To be fair to NO2ID, judging by their web presence, Mr. Booth would appear to be one of the group's more committed members. The group itself seems to be pretty moderate in trying to raise issues of individual liberty and its relationship to the state in the context of digital identity management in a country (the UK) famous for its government surveillance systems. Nevertheless, the school library's system is far from self-evidently appalling. Thankfully, Mr. Booth provides some guidance for those who need some help becoming appalled.
“For such a trivial issue as taking out of library books the taking of fingerprints is way over the top and wrong.
If the taking out of library books is trivial, why not just close the library? And please don't take the child's fingerprints, she'll need those to get lunch.
“It conditions children to hand over sensitive personal information.”
No it doesn't; It conditions children that they must identify themselves to an organization in exchange for enjoying the services that organization offers. The fingerprint authentication is a substitute for a signature or an item with an attached bar code and it's not particularly sensitive.

A signature (which many 4-year-old's are unable to provide) is perhaps more sensitive than a number representing a fingerprint. Just think of the risks under the old signature-card-in-the-book-cover regime. Anyone who ever checked out a book after you could potentially forge your signature.

The use of ID cards with bar codes, an alternate identification method used by libraries, also poses a risk to the child's sensitive information in the event the cards become lost.

I do agree that children (adolescents and, alas, adults too) need quite a lot of guidance in keeping their privacy. See facebook, sexting, You Tube, etc. Something in the society is definitely conditioning young people to treat their privacy in ways that are shocking to some, but I don't think elementary school libraries are the culprit.
“The money for such a system could be spent on actual school resources. How about some more books for the library instead?"
A penny saved is a penny earned. Books are no different. One might hope that the identification system in use will prevent more books from being lost over time. It would then be up to the school to decide how to invest the savings. With the reduced risk of loss, perhaps they will buy more books. Rather than replacing lost volumes the library might even expand the number of titles they are able to offer.
“This needs to be rolled back or stopped. I would argue there is no justification for such a scheme.
There is obvious justification for such a scheme:
  1. It gives the library the ability to more efficiently serve its stakeholders by reducing transactions costs.
  2. It eliminates the necessity of a token (card). It is expensive to replace lost cards. Lost cards may be used by others. Those who have lost their cards will borrow others'. Children lose things.
  3. Reduced loss of library books, leading to a better library.
  4. It is a system that is so easy that, apparently, even 4-year-old's can use it.
Perhaps Mr. Booth means that the justifications are insufficient to overcome his objections. I would be very interested to hear his argument in more detail than is given in the article.

Thursday, May 27, 2010

South Australian prisons to get biometrics systems

ComputerWorld.com.au
The systems will provide a method of registering and verifying all persons – staff, visitors and inmates - entering and leaving the facilities, and assist in the management of persons moving in and around the facilities.
You really don't want to release the wrong person or let visitors switch places with inmates. Systems like these help a lot.

Wednesday, May 26, 2010

Hefner Middle School students are using biometric technology to buy breakfast or lunch

The Oklahoman
This is really a wonderful article touching on a lot of the things we discuss here.
"This is impressive technology,” said Jennifer Strong, director of food services and child nutrition for the school district and a Sodexo employee. "And, it definitely has the cool factor kids like. Anything we can do to make school food cool, we consider a triumph.”

Dupree Millhouse, 12, agreed. "The scan thing is much cooler,” he said. "And right now we’re the only school that has it.”
There have been a lot of efficiency gains surrounding how meals are delivered to students.

Less than 1% of parents have opted out of the system.

Monday, May 24, 2010

[Australian] Police seek national database of driver's licence photos

Brisbane Times

THOUSANDS of Australians have their identity stolen every day, costing the public billions of dollars every year.

To combat the problem, police need better access to information, including access to photos from every drivers' licence in the country, argues the head of CrimTrac, Ben McDevitt.

Friday, May 21, 2010

Goodbye ID cards - is it time to say hello to identity banks?

From ComputerWeekly.com
Much of the recent news about biometrics has been coming from the UK, with the new government there having scrapped the planned biometric national ID card and other identity management functions. Much of the news is written, of course, from a political perspective. If the personal is political, what can be more political than one's identity?
Bryan Glick at ComputerWeekly.com understands that the rejection of a statist, top-down approach does not mean that identity management systems are unnecessary or that all proposed systems will be rejected by a free public.
But there is a growing recognition that an increasingly internet-enabled society will need some form of electronic identity verification system to tackle identity fraud and provide the confidence needed to transact securely online, especially as more public services are provided over the web.
Glick then draws attention to a 2008 report by Sir James Crosby, then at HM Treasury, entitled Challenges and Opportunities in Identity Assurance (.pdf). The 47-page report contains a breadth of information that makes it a great introduction for how to begin thinking about the challenges associated with large-scale biometric identity management deployments. It is very accessible and deserves to be read widely.

Thursday, May 20, 2010

Google debates face recognition technology

FT.com
Mr Schmidt said: “Facial recognition is a good example . . . anything we did in that area would be highly, highly planned, discussed and reviewed. When you go through these things, you review your management procedures.”
Apart from Google's history with privacy issues, they do face a dilemma, as the article points out. There is no reason to limit search terms to text only. Some innovator will bring search into the visual arena and enable a picture to be used as the search term. Without new regulation, that means that at some indeterminate point in the future* someone could take a picture of a face with a cell phone and find out a lot about that person.

These tools are coming. They will bring huge productivity gains. They will be abused.

Those concerned about the effects of technologies like Google Goggles upon their family's privacy would be well advised to think about what information about them exists online and what they do now to manage who has access to it. Most of us have near-total control over what personal information ends up on the internet. If the only thing keeping online information about you "private" is the lack of better search engines, then it might be a good idea to reevaluate how much personal information you post/allow to be posted online.

It is possible, even likely, that the internet will become both more private and less private. More private as
Google increasingly respects the interests of content owners (FT again). Less private as better search brings more of the internet to users attention.



*The technical challenges of using a picture of a person's face as the only search term for a search of the internet for facts about that person are extremely daunting. If you take a picture of an apple, presumably the search would return lots of pictures and information relating to apples. If you take a picture of a person, presumably the search would return lots of pictures and information relating to people. Converting an object recognition search that has yet to be deployed into an facial recognition search is a long way off.

Wednesday, May 19, 2010

Biometric scanners introduced at Bunbury nightclub

From the Bunbury Mail (Update Link expired)

NEW technology introduced at Exit Late Night Bar which scans fingerprints and driver’s licences has been praised as big leap forward for people’s safety while clubbing.

Tuesday, May 18, 2010

StrategyPage.com: Fingertips, Part 2

From StrategyPage.com
Japan has been having problems with people defeating its new biometric immigration control system.

Monday, May 17, 2010

Teachers sue Sausalito-Marin City district over thumb scans

From MercuryNews.com

The Union:
"Time clocks are regulated under the federal Fair Labor Standards Act which specifically excludes teachers," Hasson said. "Teachers are not hourly employees."
The Superintendent:

Bradley cited "safety reasons" for the policy, saying it would help the district know the employees' whereabouts during emergencies or evacuations.

"The time clocks will create a more accurate and efficient method of tracking the number of staff members present, and will ensure the safety of all," Bradley wrote in an Oct. 29 letter, a copy of which was included in the lawsuit.


Although a fingerprint clock-in system would be of use in an emergency, I think the teacher's union gets that this can be a real money saver for the school district. The data generated by such a system could perhaps be of real use to the school district in the next contract negotiation, assuming that the union doesn't want it for the same (unstated) reason that the superintendent does want it.

Expect to see a lot more articles like this as public sector unions attempt to defend their agreements against newly-frugal bureaucracies.

Friday, May 14, 2010

UK to Kill Off National ID Card Program

From CIO.com
The U.K.'s new coalition government plans to cancel the national ID card program, calling it part of a "substantial erosion of civil liberties" that took place under the former Labour government.

Thursday, May 13, 2010

Polish bank claims Europe's first biometric cash point

From The Independent (UK)

Could it be? Are token-less ATM machines now in use in Europe?

From day one, cash machines have required a token and a PIN. The token, a plastic card, identifies you to the banking network and the PIN confirms that the card is being used by someone who knows the account holder's password.

When the card is introduced into the machine, the banking network already knows the correct PIN that goes with the card. The computer network has only to answer one simple question: Does the PIN that goes with the card match the PIN that was just entered into the machine? If the answer is yes, the transaction is executed and the ATM user gets her cash.

In the case of the token-less ATM's described in the article linked above, it is less clear what is going on. Unlike the magnetized plastic card, fingerprints and PIN's don't store any account information so their use can't lead directly to a simple yes/no question for the bank software to sort out. So what is happening?

It's probably not the case that the bank customer puts their finger on a sensor and the bank software identifies the proper account from the finger alone to be confirmed later by the PIN. This would require the bank software to answer a yes/no question as many times as it has finger vein-enabled accounts every time someone uses the machine. Example: Does this finger go with account 1? If no, does this finger go with account 2? If no...

I suspect that, in order to dispense with the plastic card, the machine's software designers ask the user to input their PIN first. That would reduce the number of yes/no questions the software must answer in order to confidently establish a user's identity by a factor of 10,000 by allowing the software to search only from among accounts that use the same PIN. Given that there probably aren't very many consumer checking accounts that are finger-vein accessible, the customers of BPS SA aren't likely to notice any increase in the machine's response time over earlier cash machine models.

A system, such as the one described in the article, however, is likely to experience considerable growing pains. First, in order to serve other bank's customers and to reap the considerable fees to be charged in so doing, the machine must still support the old fashioned card-and-PIN model, adding to the costs of the machine by adding an input device to the older model (sensor/card reader/key pad vs. card reader/key pad).

Then, as the number of the bank's customers which use the finger-based method to access their account increases, the number of yes/no questions the software must sort through increases as well, slowing response time.

When my local bank adopts a finger-based system, I can start using the BPS SA machines while in Poland, correct? Not necessarily. If my bank uses the same Hitachi software that BPS SA uses, then things might work out, but if it has chosen another finger-based biometric vendor then things are unlikely to go well unless the banks involve a middleware vendor such as SecurLinx.

Over time and with the giant leaps in computing power implied by Moore's Law, applications like the one described in the linked article will be brought to the market improving the efficiency of the banking industry and improving the lives of people worldwide. Those days, however, are still in the future. The BPS SA case is probably best seen as a proof-of-concept experiment, rather than a full commercial deployment.

The exact same critiques could have been and probably were voiced when John Shepherd Barron, the inventor of the cash machine, first pitched his idea to Barclays way back in 1967. Kudos to BPS SA for blazing the trail.

Tuesday, May 11, 2010

Australia: $4.3b to bolster national security

I recently became aware of the Australian reality series, Border Security: Australia's Front Line,
while traveling outside the U.S.

I must admit to being a bit perplexed at the time. Border security on an island didn't seem to make for a lot of excitement.

Then I read this from the Australian Broadcasting Corporation: $4.3b to bolster national security.
There will also be new high-tech measures, with $69 million to introduce biometric checks of international passengers before they embark for Australia, and $11.4 million for the Next Generation Border Security Initiative that identifies visa applicants who may pose a security risk.
In reading the article it becomes clear that oceans are no defense against modern threats and there are those who will use Australia's values of freedom and hospitality to asylum seekers against it.

Good on you, Australia, and keep up the good work.

Monday, May 10, 2010

Biometrics protecting minority rights

Private club aims to keep cigar smoking sociable - The Roanoke Times

An annual fee of $1,000 and a biometric lock that reads fingerprints offer entry into the not-for-profit club, which formally opened April 16. Cigar aficionados living outside a 50-mile radius pay $500.

"The club is something Renee and I have always wanted to do," David Meyer said. "We just always envisioned a nice place for people to come and enjoy a cigar."