Friday, July 30, 2010
The article states that DNA tests require a 3 hour turnaround time and a $50-$500 price tag for each query. Very few identity management applications are practical within these constraints.
Most time frames for DNA analysis floating around on the web are 3 days for rush jobs and up to 6 weeks for normal testing. In some things, time and money are interchangeable but this isn't true for everything.
Taking the data in this article at face value, it seems that a 6 week DNA analysis could be done for $50 and the price will go up as the turn-around time is shortened. There is also the fact that all DNA analyses are not equal. Searching for a Y chromosome to determine gender will take far less time than using DNA to discriminate among siblings.
That DNA isn't viable as an access control biometric is a drastic understatement.
On the other hand, if DNA is all you have to go on, it's a great biometric.
The Unique Identification Authority of India (UIDAI) has selected three consortiums, led by tech firms Accenture, Mahindra Satyam and L-1 Identity Solutions, respectively, to provide technology solutions to capture the fingerprints and iris scans (known as biometrics) of the country’s 1.2 billion people. The consortia include algorithm and system integration providers.
Thursday, July 29, 2010
“The U.S. passport is the gold standard for identification. It certifies an individual’s identity and U.S. citizenship, and allows the passport holder to travel in and out of the United States and to foreign countries, obtain further identification documents, and set up bank accounts,” [Md. Sen. Benjamin] Cardin said. “We simply cannot issue U.S. passports in this country on the basis of fraudulent documents. There is too much at stake.”
Technology can really help with this sort of challenge. Giving better tools to those trying to do the right thing makes the world a better place. Giving better tools to those who aren't trying to do the right thing can have the opposite effect.
A lot about what makes living in the information age a wonderful thing is that we have the power to forge relationships (commercial, financial, romantic, etc.) with a quantity of individuals that is orders of magnitude larger than anything humans have ever experienced. This fact has forced people to come up with new tools to assess who is and who is not trustworthy.
Granted, these tools aren't always technological. The use of branding to confer trust is a very old technique indeed and it's actually pretty close to what the Senator is talking about in the quote above. The U.S. brand confers the trust that the identity document is accurate and authentic, but the U.S. can and does use technology in maintaining the value of its brand. If the brand wasn't worth protecting, no amount of technology could confer trust.
The linked article is worth reading in its entirety.
Wednesday, July 28, 2010
Children up to 15 years do not have sharp patterns of fingerprints, the metric used to uniquely identify each one of them and more importantly, for authentication. The iris — the coloured portion of the eye — that is to be used to issue a unique identity number, too, does not fully develop before seven years.
“The iris starts achieving 90% stability in size only after six years of age. A normal iris starts assuming stability only by eight years,” said Dr Rakesh Gupta, consultant eye surgeon at Max Balaji Hospital in New Delhi.
Fingerprint patterns assume stability at an even later stage, around 16 years, said Dr V Khanna, a South Delhi-based skin specialist. “Fingerprints are very feeble in children and difficult to capture,” he said.
A case in point is the Janani Suraksha Yojana, which hands out incentives to mothers. Earlier this week, a fake babies scam was unearthed in Bihar where 300 women claimed to have delivered up to five babies in a span of 60 days to avail an incentive of Rs 1,000 for each baby.
Tuesday, July 27, 2010
The Head of the Civil Service of the Federation, Stephen Oronsaye, said the biometric enrolment of pensioners embarked upon by his office has started to yield some of the desired results.
Mr. Oronsaye made this known when four suspected fake pensioners, three men and a woman, arrested at the Lagos Centre in the course of the exercise were paraded by the Police in Abuja.
Monday, July 26, 2010
Japan is testing a billboard that can tell the difference between male and female faces - and display appropriate ads accordingly. The system is running now in subway stations around Tokyo, CNET writes. A consortium of 11 railway companies launched a one-year pilot project to test the signs. Its aim, according to CNET, is to collect data on what sorts of people look at which ads at what times of day.The CNET article linked above mentions that facial recognition is involved.
Tools developed for identity management can be applied to other challenges such as gender determination for the purposes of marketing in public places even though gender determination by humans is an extremely complicated process. Most facial recognition systems used for identification don't attempt to evaluate the gender of the individual. This is due to the fact that in a security context (logical and physical), the exact identity of the individual is more important to those who deploy theses systems than is gender. The users' tolerance for mistakes in the security context is low.
In a marketing context, the rules of the game change. A static billboard for a gender-specific product will appeal to some proportion of the population. Due to differences in age and gender that proportion is likely far short of 50%.
A system that tries to figure out age and gender doesn't have to be correct all the time in order to provide a positive return on investment (ROI) by increasing the percentage of impressions that have a chance of impacting customer behavior.
Moreover, the costs of the system making an incorrect judgment approach zero and the rewards for "tricking" the system are zero.
Even better, if the system is "tricked" by, for instance, a man with highlights and wearing lipstick, the system still works if you are advertising lipstick.
Sophisticated adopters don't let perfect be the enemy of the good.
The chip inside the passport contains information about the holder’s face – such as the distances between eyes, nose, mouth and ears. These details are taken from the passport photograph that you supply. They can then be used to identify the passport-holder. The chip also holds the information that is printed on the personal details page of your passport.
Thursday, July 22, 2010
Wednesday, July 21, 2010
So desperate was one man to conceal his identity that he began biting his fingers and drawing blood while being booked.
Some have used eyedroppers filled with acid or pressed their fingers onto burning metal to blot their fingerprints. Others have spent thousands of dollars to hire shady doctors to surgically alter their fingertips, hoping to scar them beyond recognition.
The Ambervision program will kick off this fall in all West Virginia public schools. Parents will have access to a database that will allow them to change or add pertinent information about their child's appearance.
Tuesday, July 20, 2010
Thanks to @heidishey for bringing my attention back to this excellent article by Bruce Lyman, CEO at Argus Global.
Mr. Lyman goes on to examine biometric deployments in terms of Return on Investment (ROI), a topic close to our heart.
Good technology underpins many processes, both inside and without the business and, as many end users will know, understanding how technology works is rarely integral to its usefulness.
Indeed, technological excellence can in some part be measured by how little we need to know about a product to be able to use it. Such is the case with biometric technology, where the biometric itself is only part of the story.
Our real interest concerns (a) how easy it is to use on a daily basis, and by staff of varying technical aptitude and (b) what are the possible outcomes of using this technology?
- Security ROI: the cost of making a mistake
- Productivity ROI: improvements to the business
- Financial ROI: making the strongest case
UPDATE: This post gets a fair amount of traffic. The link above no longer seems to work. A cached version of the article linked above may be available here. The page takes a while to load.
Biometrics has received a lot of bad press during its short life. Fingerprint technologies have issues many businesses, and security professionals, would rather not deal with. And then there is the cost. So is there a technology that may provide security, involve low maintenance costs, minimize management headaches, and is acceptable to users?Author Tom Olzak does a good job of comparing fingerprint authentication systems to systems that use the eye's iris and he makes excellent points about their strengths and weaknesses.
As we like to say, there is no "universal donor" in biometric identity management deployments. In some cases fingerprints are the best, in others, face recognition will be the way to go. Function dictates form. A successful deployment requires a deep understanding of the use model.
Monday, July 19, 2010
The Law Enforcement Exhibition is scheduled for Saturday and Sunday in the Hynes Convention Center, Hall C.
Law enforcement officers from the Boston area not attending the conference may obtain a Law Enforcement Day Pass to tour the exposition Saturday or Sunday. Department-issued photo ID required.
If you're in the area, please come visit us:
Sunday, July 18, 2010
This has been getting a lot of attention in the Twitterverse and elsewhere.
Scores of people the Aadhaar project will help the most do not have the sharp, curving lines on their fingers as depicted in its logo. Millions of Indians working in agriculture, construction workers and other manual labourers have worn-out fingers due to a lifetime of hard labour, resulting in what is euphemistically referred to in technical literature as ‘low-quality’ fingerprints. This is precisely the demographic that UID aims to help — those that are outside government records and welfare schemes.The Indian UID project has captured the public's attention. People are becoming aware of the promises and challenges of large scale biometric identity management deployments. This is a good thing.
While the UIDAI uses two other metrics — an iris scan and a photograph — in issuing the unique identity number, fingerprinting will be the metric used in authentication. This means a passport applicant with worn-out fingers may present his newly-issued UID number as a conclusive proof of identity, but could find the application rejected. The authentication process using a fingerprint scanner could classify the applicant’s worn-out fingers as a so-called ‘false negative’.
On the technical front, "worn out" fingerprints don't present an insurmountable challenge to the Indian project. An ID management system that increases efficiency in the vast majority of transactions while presenting no new obstacles in the rare cases is a valuable system.
The proper way to evaluate a proposed identity management system is to compare the system currently in use to the expected performance of the envisioned system while balancing the costs of the new system against the improvements upon the old way of doing things. Too often, those skeptical about biometric ID management deployments start from the position that anything less than automated perfection is failure*. This attitude can impede the adoption of cost-saving improvements in critical organizational processes.
In adopting a multi-modal approach -- the UIDAI seems to have allowed for the use of iris for backup authentication as well as providing a photograph and an ID number -- it does not appear that India is creating an ID management system that will be unable to serve those with "worn out" fingerprints or those with disabilities that would prevent them from using a fingerprint based system.
*Similar thoughts here.
Friday, July 16, 2010
Safran is among the bidders pursuing a deal to buy L-1’s businesses that help customers track biometric data, said the people, who declined to be identified because the talks are private. U.S.-based L-1 is likely to be split up, with another buyer acquiring a separate unit that sells consulting services to U.S. intelligence agencies, said one of the people. No deal is likely to be reached for several weeks, the person said.More information about Safran is available:
Interesting questions for the future:
Will L-1 be bought whole or will it be sold off piecemeal?
Does the answer to the question above offer a verdict on L-1's strategy of acquisition rather than organic growth?
Thursday, July 15, 2010
Here's a little hometown analysis of the impact that our federal legislators have had on the economy of West Virginia and what the death of Sen. Byrd, the primary defeat of Rep. Mollohan, and the commensurate loss of federal funding could mean to the area.
“When Sen. Byrd moved the FBI fingerprint operation into Clarksburg, as much of a visionary he was, I’m not sure even he could have fathomed the growth that that created for the state,” said Rick Gill, CEO of the Washington, D.C.-headquartered National Biometric Security Project, which maintains an operation in Morgantown.Both of the cities in the quote are in West Virginia's I-79 Hi-Tech Corridor.
Wednesday, July 14, 2010
In what legal and scientific experts say is a groundbreaking case, a San Francisco Superior Court judge allowed biometric facial-identification technology, along with accompanying testimony from an expert witness, to be admitted as evidence in a high-profile criminal trial.As pointed out here, biometric identity management systems are tools that work both ways. The technology can be used by defendants as well as prosecutors.
And in a curious turn, biometrics — the science popularized for its use in attempts to catch terrorists — was being used in San Francisco to try to exonerate an accused gang member and murderer.
This lengthy article, however, is pretty pessimistic about face-rec in general. To this point, I would draw attention to the fact that there is a huge difference between attended and unattended systems (a more complete resource for how to categorize different systems is here).
Several years ago, a surveillance experiment at a train station in Mainz, Germany, found that automated facial recognition had a success rate of only 60 percent during the day and as low as 10 percent at night, when poor lighting made identification more difficult.The system described in Mainz, above is an unattended system used on non-cooperative, non-habituated individuals in a public, non-standard environment. 60% is nothing to sneeze at and the proper frame of reference is 0% (the number of people identified in the absence of a system) not 100%. So, Mainz went from 0% identifications to 60% in the daytime (possibly) without any spending on human resources and this is failure?
Poorly calibrated expectations are a real issue in the biometrics sphere. We in the industry need to make sure that we are setting reasonable expectations for our customers and helping them to craft systems that meet their needs. We have an obligation to deliver value and an incentive to educate our customers.
Tuesday, July 13, 2010
Monday, July 12, 2010
International Biometrics & Identification Association to Focus Efforts on the Growing Issue of Identity Management
The International Biometrics & Identification Association (IBIA) today announced that it has expanded its mission to focus on the overall issue of determining identity. This new mandate, one which will see biometric and other technologies play an increasingly important role, has been deemed critical by the IBIA, given the rise of authentication issues facing data security, identity theft, immigration and homeland security.
This makes sense. Biometrics are a means to an end. Identity management is the goal.
Saturday, July 10, 2010
Park-goers will be required to have their fingerprints and photos on file with the city, the paper said.
This kind of usage can be confusing.
All fingerprint access control systems store a template generated from a person's fingerprint. It is not possible to "reverse engineer" a template into a complete image of the fingerprint that created it. In this limited use case it cannot be said that fingerprints are on file with the City.
Other fingerprint access control systems do store an image of the fingerprint as well as the template generated from it. In this use case, it is accurate to say that fingerprints are on file with the City.
The article implies that the system in place in Poway is of the latter sort.
Related thoughts about a different system can be found here.
Friday, July 9, 2010
For those interested in facial recognition, the article linked above provides insight in to the uses and limitations of the technology. It also provides information about a few places where people can gain firsthand experience with facial recognition applications using their family photos.
Thursday, July 8, 2010
On the technical side, biometric identity management is about the physical facts of a person in a given environment, communication, databases, sensors, permissions, etc. Once an organization works through these details, a successful biometric deployment becomes possible.
But there is a social component to almost all identity management deployments outside of prisons. ID management (biometric or not) only works if it isn't subverted by the users. If users are careless with keys, passwords and proximity cards; if doors are propped open or those with access allow others to "tailgate," the effectiveness of the ID management system is undermined.
India's UID project (once again) provides a useful window into how organizations manage the cultural side of a large-scale identity management deployment and the things that must be considered. The linked article provides insight into the India project's efforts at stakeholder marketing.
Combined, they have more than 150 years of marketing experience.As they say, read the whole thing.
All were headhunted by Maruwada, who looked to bring the country’s most experienced minds in communications, marketing and advertising to tackle what is arguably the UIDAI’s most important challenge—marketing the idea of a universal government identity to citizens from every caste, region and religion.
Identity management is about people.
Wednesday, July 7, 2010
"The Department of Education is committed to keeping West Virginia's children free from harm," said state Superintendent of Schools Steve Paine. "Ambervision adds to our ability to keep every child safe and increases the chances of a good outcome in the unfortunate event of a missing child."The AmberVision system will be adopted state-wide in West Virginia this fall.
HUBLI: The ‘I don't care' attitude of the government employees who are accustomed to coming late, taking multiple breaks for tea, cigarettes and chatting during office hours will be a thing of past, at least in Dharwad.Many see the implementation of biometric identity management systems as enhancing government power over the people. As this article shows, they can also be implemented to increase the people's power over their government.
The CCTV cameras and biometric machines which hitherto were only seen in corporate and other private offices have found its way into the deputy commissioner's office in Dharwad, making it probably the first DC office in the state to install it in a bid to discipline the government servants, who normally are blamed for taking their work lightly.
Tuesday, July 6, 2010
"It might sound hard, but more accuracy means more fairness, for both staff and customers," says Mr Machin. "Thirty percent of our costs are labour. The more we pin costs down, the more choice we have about how to distribute rewards. And the better we get at pricing our produce, the more customers we bring in."This article shows how new technologies, including biometric identity management technologies, are helping small businesses generate the data that help them operate with the same type of information large companies have been using for ages.
These identity management technologies combined with Enterprise Resource Planning (ERP) techniques are allowing small businesses to arrive at a precise calculation of costs, taking the guesswork out of pricing decisions. Moreover, the return on investment is significant.
"I would say our original investment in the time and management system has repaid already. The wages calculation, for example, used to take a couple of days. Now it is a matter of hours."
Friday, July 2, 2010
UPEK Terminates AuthenTec Proxy Contest and Merger Proposal after Grady's Resignation as Chairman of AuthenTec's Board of Directors
In his letter Grady explicitly says: 'My decision results from my increasing discomfort with the Company's de facto embrace of the status quo, and tolerance of management leadership's actions to resist value-creating transactions. I believe that the Board and management of AuthenTec should take decisive action to enhance shareholder value, but that view, supported in concept, is not reflected in actions. Enhancing shareholder value needs to be more than a talking point.'The events described in this article concern two fingerprint sensor manufacturers, but you can expect to see many more articles of this nature over the next few years.
The biometric identity management sector will see rapid consolidation for several reasons:
- The most coveted customers for biometric identity management solutions are very large organizations, while the suppliers of goods and services tend to be very small companies. The big companies know that the little companies don't have the depth to support them. This doesn't mean that deals don't get done. The small tech. firms can and do partner up with large scale IT integrators to meet the needs of large customers, but this model presents its own challenges.
- Investors in early- and development-stage tech start-ups would like to see the beginnings of a possible exit strategy. It's not that they all want out; it's just that all investors are investors because they would like to earn a return. Without shareholder liquidity, an exit from an investment and the actualization of the commensurate gain or loss is difficult.
- The current investment and economic environment means that firms in the sector will fail and their assets will accrue to the remaining firms.
- The firms, themselves, and their boards will see growth opportunities and increased liquidity and heightened ability to support their customers without outside assistance as they grow larger through acquisition.
Thursday, July 1, 2010
The Indian agency assigned by the government to issue identity numbers has proposed stiff penalties, including imprisonment, for anybody found misusing personal biometric and other information that it collects.We've had our eye on the Indian census for a couple of different reasons: the size, scope, ambition and audacity of the effort is unprecedented.
We have focused most of our attention on the technical aspects of the project. The article linked above deals with some of the cultural issues that must be addressed in any biometric identity management implementation, especially one on the scale of the India project.
At the end of the day, identity management is about people.