Friday, December 30, 2011

Three Taiwan Airports to Open E-gates January 1

New measures to be launched Jan. 1 (Taiwan News)
An e-gate system will be introduced at Taiwan's three main airports -- in Taoyuan County, Taipei and Kaohsiung -- to expedite immigration clearance for Taiwanese citizens. The unmanned gates will verify the biometric data of passengers passing through.

Thursday, December 29, 2011

Apple Envisions Face & Presence Detection Security for iOS Devices

Mobile Device Face-Rec ( via @m2sys)
In today's revelations, Apple introduces us to a more down to earth and practical security system for our portable devices. For simple home or personal use, the system could be setup to recognize your presence and face to quickly turn on your device. This would bypass the need for entering a password or even having to touch the home button to get to your homepage. For use at work, the facial recognition system could be set to higher levels of security. All in all it sounds like a very promising security system is in our future.
I highly recommend this article.

Albania, Macedonia, Montenegro Sign Free Travel Agreement

To facilitate and encourage the movement of people (Eurasia Review)
At the meeting of the Adriatic Charter Countries in Tirana on December 14th, Albania, Macedonia and Montenegro signed an agreement allowing citizens of all three countries to travel with a passport and biometric ID cards to and from the respective countries.

Davenport University offering degree in biometric security

Biometrics is the wave of the future (KCBY)
About 55 students are enrolled in either the two- or four-year biometric security degree programs at Davenport, a 141-year-old school of 13,500 students with its main campus in Grand Rapids.

Biometric security - which identifies people based on unique personal characteristics - has become more common since the terror attacks of Sept. 11, 2001. Government agencies and private businesses are investing in biometric devices that grant or block access after scanning fingerprints, eyes, facial features or vocal patterns.

Wednesday, December 28, 2011

India: Criminal Tracking Network Ready by 2012

Goal: Interconnect all police stations in India (Times of India)
"With the CCTNS in place, all information will be available online. Information regarding fingerprints, unidentified bodies, missing persons, stolen vehicles, stolen arms, etc, will be just a click away. At present, if we need information about a suspect, we send intimations to our counterparts in other states. This is a time-consuming process," said Dhiware.

He said that the data was being fed into the computers at the stations where the system was being installed. "Police personnel are also being trained in handling the software."

Other CID officials said the CCTNS would create a national databank of crime and criminals and their biometric profiles. This database will have details of the criminal justice system including courts, jails, immigration, passport authorities, forensic labs, transport department, mobile companies, central agencies etc, in a phased manner.

Vending Machines Show Two Different Uses for Biometrics

Kraft unveils vending machine that scans people's faces to estimate age (Daily Mail - UK)

Medbox biometrically controlled system provides prescription medicine dispensing (Deleted broken link)

The Kraft example uses biometrics to discern demographic information. The Medbox example uses biometrics to confirm a unique identity.

Discerning demographic information doesn't require the user to have had any prior interaction with the biometric platform. Confirming a unique identity requires the user to enroll their biometrics in a database for later comparison and confirmation.

Monday, December 26, 2011

Fingerprinting in the workplace

Why fingerprints anyway? (Examiner)
Before the mid 1800s, law enforcement officers with extraordinary visual memories, so called “camera eyes”, identified previously arrested offenders by sight. Photography lessened the burden on memory but was not the final answer, since personal appearances change.
There's more on the history of ID, the Bertillion system, and current legal and corporate applications.

India: Another Target for UID Corruption-Busting

Using Aadhar to put an end to the oil sector scam (Deccan Herald)
Even more surprising is the absence of oil sector scam from the long list of scams getting national attention today. The PDS scam, involving an even larger amount of money, has failed to get the attention it deserves. Diversion of PDS kerosene and residential LPG is generating about Rs 52,000 crore on an annual basis. This should make it the mother of all scams in India. When other lesser scams are associated with some well known political leaders, the oil sector scam involves thousands of politicians, bureaucrats and petty businessmen at all levels. There is no single political leader or one political party who can be blamed for the oil sector scam.
Let's run some numbers.

52,000 crore Rupees is 520 billion rupees.
Rs 520 B is about ten billion U.S. dollars.

According to the CIA World Factbook, India's 2010 GDP per capita was U.S. $3,500.

If the numbers in this article and the CIA World Factbook are accurate, the losses in this one scam amount to the average annual productive capacity of more than 2.8 million Indians.

2010 population of the state of Utah = 2,763,885
2010 population of the city of Chicago = 2,695,598

This is shocking.

UAE Residents Able to Apply for Emirates ID Online in 2012

There are a couple of articles out today that deal with the mechanics of issuing/obtaining the new UAE e-ID and the uses to which it ill be applied.

Online applications to help check identity theft, errors (Gulf News)
“We had certified around a thousand typing centres across the country to carry out the pre-registration process. Now the new online application system means we are certifying thousands of internet-savvy people in the country to carry out their pre-registration process,” he explained. It may be recalled that Gulf News had earlier reported complaints received from people about errors introduced by typing centres in application forms. Emirates ID had cancelled the certification of several typing centres following repeated complaints.
Many residents had also complained about typing centres asking applicants to leave their original passports with them to complete applications thus exposing them to the risk of identity theft.
Another article touches upon the types of transactions that will make use of the new ID...

Online application for Emirates ID cards (
The Emirates ID card has been made mandatory for completing transactions at the Abu Dhabi Retirement Pensions fund, as well as at the Department of Real Estate Registration in Sharjah from January 1. The Sharjah Department of Real Estate Registration had announced that the ID card will be a mandatory requirement for completing any transactions at the department as of January 2012. The department has linked the ID card to all services rendered, including title deeds, registration, mortgages and other transactions. Eida has provided smart card readers to the department, to read data from the cards electronically and carry out transactions more efficiently.

Friday, December 23, 2011

Biometrics in Their Proper Security Context

Here's a really good article that, on its surface, is about the facial recognition capabilities included in the Android 4.0 mobile operation system. It also communicates a couple of important security concepts: deterrence and layers.

Facial Recognition and The Club (IT Business Edge via @m2sys)

I don't have to be faster than the bear, I just have to be faster than you.
Don't be the lowest-hanging fruit.
In the bigger picture, it's useful to think of The Club. The device, which clamps onto opposite sides of an automobile's steering wheel to prevent its turning, isn’t enough to prevent a theft. It is enough, however, to require at least a moderate level of expertise (and, in this example, tools) to get it off. There simply are so many totally unprotected targets – cars in one case, mobile devices in the other – that it doesn’t take too much to make the thief move on to lower-hanging fruit. The Club and facial recognition are deterrents, not foolproof safeguards.
Just because my house has locks on the doors and windows, doesn't mean I'm in favor of dissolving the police department.
The danger is that the technology will be seen as all the device owner needs to do to be safe. That isn’t the case. Serdar Yegulalp at Byte has it about right in his view that biometrics is best seen as one tool in the security tool chest:
There's ways to fix the facial unlock function to make it more useful. Schneier mentions in his piece how fingerprint readers could be programmed to prevent cheating by detecting a pulse or a pore pattern. Facial unlock, likewise, could be reprogrammed to only work if the person winks or smiles - two things a photo definitely can't do.
There are those who object to biometric identity management measures on aesthetic grounds. That's fine. There's no accounting for taste. The argument that because biometric security applications are imperfect as stand-alone solutions they are useless is, however, without merit.

The Rear-End as Biometric Modality

I'm usually pretty skeptical when it comes to novel biometric modalities but this one might have legs.

The Car of Tomorrow Recognizes Your Butt (Wired)
The driver’s seat is fitted with 360 sensors that measure pressure according to a scale of zero to 256. Each reading is plotted to create a 3-D image — essentially a topographic map of your ass — used as a personal identifier. Anytime someone gets behind the wheel, the system analyzes the shape of their behind. If it isn’t your rear end in the seat, the car isn’t going anywhere.

I don't think I'd roll this technology out in a way that would prevent the car from functioning as a car if the seat sensor identification didn't work out.

Remembering certain preferences, like seat position, climate control and audio options might be a great place to start, though.

Thursday, December 22, 2011

India: Lawyer Sanjay Parikh Unconvincingly Urges Biometric System Boycott

At the end of yesterday's post on Iraq, I wrote:
"It's also important to draw a contrast between violations of privacy that lead to more spam, phishing and identity fraud and the kind of privacy violation that can lead to political persecution, torture, prison and loss of life."
I've also been known to make a big deal out of the difference between Privacy and Anonymity (even more here).

So, I think it makes sense to reformulate the Privacy sentence above in terms of Anonymity as:
It's important to draw a contrast between the type of anonymity that can protect against more spam, social awkwardness and a loss of privacy in public and the kind of anonymity that can lead to political powerlessness, lack of social mobility, poverty and a shortened lifespan.
People with a legitimate ID tend to think of anonymity in terms of the first formulation, those who have anonymity forced upon them tend to suffer from the afflictions of the second formulation.

If a majority of Indians able to express their political rights agree with Sanjay Parikh, all Indians will suffer, but not equally. Those living in a condition of forced anonymity will continue to live lives of deprivation and poverty. Those who have legitimate ID will continue to subsidize corruption and continue to live in the midst of unnecessary suffering in a country that fails to assume a station in world affairs more befitting the world's second-most-populated nation and its largest democracy.

Lawyer urging people to boycott the world's largest biometric database (Sky News)

[Feb. 5, 2013 -- EDIT: The embed code for the video is broken but the link above is still good]

Wednesday, December 21, 2011

U.S. Military Departs Iraq, Takes Huge Biometric Database with It

U.S. Holds On to Biometrics Database of 3 Million Iraqis (Wired)

Two things are going on here. First, the United States is keeping the biometric (and other) information it gathered on some three million Iraqis over the length of its involvement in Iraq. Second, the military is not going to share that information with the Iraqi government it leaves behind, though it would be a simple and inexpensive thing to do. After all, information is not like cake — you can have your data and eat (or share) it, too.

The digital database is the property of Central Command’s intelligence shop in Tampa, Florida. It is conspicuously not in the control of the Iraqi government. Taylor says that the Iraqis might be able to access the database’s contents if they go “through the [U.S.] embassy” in Baghdad.

“Common sense-wise, we still have an interest there in helping our Iraqi partners,” Taylor explains, “and that information might be helpful to them should there be any issues.”

Taylor doesn’t say why the U.S. didn’t hand over its biometrics toy to the Iraqis. But there’s an obvious reason: Iraq’s sectarian divides have not healed. And a database filled with uber-specific information about approximately 10 percent of Iraq’s population could represent a wish list for a death squad, militia or insurgent group — some of which are aligned with Iraqi political parties.
This thought-provoking article addresses the issue of what happens to biometric information (or any other military intelligence, for that matter) when a military campaign is wound down.

Don't read it expecting firm and definitive answers, though. The article raises as many questions as it answers. John at the M2SYS blog does an excellent job of making explicit the questions the Wired article begs.

Answering the questions, however, will require a political, legal and military analysis rather than a technical analysis. After all, ID management is about people.

UPDATE: John at M2SYS, asks via Twitter:

I think it's highly unlikely that there will be a privacy backlash, at least among Iraqis.

The Iraqis (esp. Sunnis) friendly toward the U.S. military who had their biometrics captured are probably extremely relieved that the U.S. military has decided not to give the current Iraqi government their info. As for Iraqis of more violent intent, they're already lashing back and it's not over privacy concerns.

Once the U.S. military made the decision that it was going to keep the biometric database information — and it would have been truly astounding had it decided otherwise — exercising caution in how the data is shared lowers the risk that harm will come to individuals in the database and arguably demonstrates respect for the privacy of any ordinary Iraqis in the database.

It's also important to draw a contrast between violations of privacy that lead to more spam, phishing and identity fraud and the kind of privacy violation that can lead to political persecution, torture, prison and loss of life. My guess is that Iraqis worry more about the latter than the former and the former isn't very likely to result from the U.S. military's possession of the biometric data in question.

On another note, nothing prevents the U.S. from co-operating with the Iraqi government using the biometric data it has gathered on a case-by-case basis in the future. They simply decided not to turn over the whole database now, no questions asked.

Border Patrol Arrest: Biometrics Lead to Warrant for Felony Sexual Assault on a Child

Border Patrol snares alleged sex offender (Deming Headlight - link inactive)
Upon arrival at the Santa Teresa Border Patrol Station, the subjects' biographical and biometric information were submitted into the Integrated Automated Identification System (IAFIS) and additional data bases. One of the two subjects was later identified as 28-year old Erick Daniel Garcia-Garcia, a citizen of Chihuahua, Mexico. 
Garcia's background information revealed that he was wanted out of Boulder County, Colorado for "Failure to Appear in Court for Sexual Assault on a Child/Felony" and "Crimes against Persons."

Monday, December 19, 2011

Nepal: No headway in biometric ID project

Government will be unable to issue the biometric National Identity (NID) Card this year if it does not speed up the preparations (The Himalayan Times via @m2sys)
“The process of issuing NID card cannot gain pace unless law minister gives his nod to the NID bill,” the source added.

NIDMC had hired a Canada-based international smart card consultant Ardaman Singh Kohli for 20 months to prepare the DPR with assistance from the Asian Development Bank.

El Paso: New Border Crossing Systems Cause Entry Delays

New U.S. Border Crossing Systems cause Longer Entry Delays (MexiData.Info)
According to US Customs and Border Protection (CBP), the idea is to eliminate the time inspection officers spend manually entering document information into a computer as well as increase security for officers. Also touted by Unisys as heralding a 21st century approach to processing millions of crossings every year, the El Paso system was erected under a 2010 contract awarded to the company.

But on recent days, pedestrians crossing the Paso del Norte Bridge into El Paso have encountered long delays. A little more than three weeks after the new pedestrian processing lanes were opened, this reporter and a friend spent about 1 hour and 40 minutes waiting to cross back into El Paso.
This well-written and richly detailed article reminded me of some of the issues surrounding a similar implementation on the Malaysia-Singapore border earlier this year.

Hiccups are nearly impossible to avoid entirely, but there is a growing body of experience new adopters can draw from.

Malaysia Will Not Use Biometrics in Upcoming Elections

EC: Indelible ink and advance voting for next general election
The Election Commission today announced the use of indelible ink and advanced voting for the coming general election.

Finland Introducing Biometrics for Non-Citizen Residents

Fingerprints part of residence permits from new year (Press Release)
Finland is introducing biometric residence permit cards at the beginning of 2012. At the same time residence permit stickers for travel documents will be discontinued.

Changes to the Aliens Act enter force on 1 January 2012, from which date the granting of biometric residence permit cards will begin. Technical delays in the introduction of fingerprint scanning mean that in the beginning fingerprints will only be added to card chips by degrees. If technical problems prevent the scanning of a residence permit applicant's fingerprints, a remark to this effect will be added to the residence permit card chip.

Notwithstanding this deficiency, the card remains a fully authoritative proof of the right of residence for the duration of its validity.

Curing Corruption With Tech

Andrew Sullivan at the Daily Beast picks up on the potential for biometric technologies to aid in the fight against developing-country corruption. Link.

Biometrics Feature Among IBM's Five Innovations That Will Change Our Lives within Five Years

Today IBM formally unveiled the sixth annual “IBM 5 in 5," a list of innovations that have the potential to change the way people work, live and interact during the next five years.

They are:

♦ People power will come to life
♦ You will never need a password again
♦ Mind reading is no longer science fiction
♦ The digital divide will cease to exist
♦ Junk mail will become priority mail

Each featured innovation comes with its own short video. Here's the one for biometric security.

Gabon Opposition: "No biometrics, no transparency, no elections"

Bongo party claims absolute majority in Gabon election (AFP via @francesIDexpert)
President Ali Bongo's Gabonese Democratic Party (PDG) claimed Sunday to have won an absolute majority in general elections that were boycotted by many opposition groups and voters.

The party had won at least 73 of the 120 seats in parliament and its final tally was expected go higher, said a PDG source close to the interior ministry.

Official results are expected "probably Thursday", according to the electoral commission.

In all, 13 opposition groups urged supporters not to vote. They wanted the government to implement biometric voter security measures, such as fingerprinting, as a way of preventing fraud.
Ali's father, Omar, ruled Gabon from 1967 until his death in office in 2009.

Friday, December 16, 2011

Biometric Technologies Feature in Rafael Lozano-Hemmer Exhibition at The Sydney Museum of Contemporary Art

Sydney Museum of Contemporary Art Presents Rafael Lozano-Hemmer exhibition (Art Daily)
Rafael Lozano-Hemmer explains: ‘In Recorders, artworks hear, see and feel the public, they exhibit awareness and record and replay memories entirely obtained during the show. Using advanced surveillance and biometric technologies, the pieces either depend on participation to exist or predatorily gather information on the public as they go through the exhibition. In all cases the artwork compiles a database of behaviours that then becomes the artwork itself. I am always delighted when a visitor takes over an artwork and personalises it, like they might take over a stage or a public square.’

From the Sydney Museum of Contemporary Art site:
As a 'crowdsourced' show the content is entirely collected from visitors, using technologies such as heart rate sensors, motion detectors, fingerprint scanners, microphones and face recognition software. Your participation brings these critical and poetic digital artworks to life.

How to push people's buttons (Sydney Morning Herald)
John McDonald reviews the Rafael Lozano-Hemmer exhibition.
It's no revelation that technology can never free itself from Frankenstein's curse. All the devices we use for our own security are also obliterating our privacy. The BlackBerry used by every second businessman proved just as congenial for the rioters who set London on fire last year.

India UID: Seven Questions. Six Old, One New

Reasons why the Standing Committee on Finance rejected the UIDAI Bill (Economic Times)
In perhaps its most serious setback so far, a Parliamentary Committee has rejected the Bill that governs the project to assign unique Ids to all Indians. Worse, this Standing Committee on Finance has advised the government to "reconsider and review the UID scheme" itself. Its report was placed in Parliament on Tuesday. These, then, are its seven primary objections.
The objections take the form of questions:

Why was the UIDAI functioning even before the Bill was passed?
♦ It did not work in the UK. so, why here?
♦ Will it ensure welfare payments reach the targeted beneficiaries?
♦ What about privacy?
♦ Is the uid project financially feasible?
♦ Is the uid project technically feasible?
♦ Should cards be given to citizens or residents?

The first question is the only one that is novel, but alas, I'm not close enough to Indian politics to offer a good answer.

From the article's comments...
Rakesh P Mittal (New Delhi)
We must understand that no scheme is perfect but that does not mean that it should be put into a dustbin. Our existing schemes are full of leakages. So, by that argument all of them should be scrapped including MNREGA, subsidised LPG and subsidised Kerosene. Is Parliament functioning as per the vision of constitution makers ? Judicial system is creaking and its performance and delivery is nowhere close to what is required. Therefore by Sinha's theory, all of them should be scrapped ? The intention of the UID scheme is to eliminate the middlemen between the benefits and the intended beneficiaries. That will definitely be achieved by the UID scheme. To avoid creation of fictitious beneficiaries, we should have stringent punishments for those found indulging in misuse. Also we need a simple and effective machinery to implement it. Country expects Sinha to be a responsible and fair leader. If our leaders carry on like this then all of us and our future generations are doomed forever.
Perfect, good, etc.

EU, Russia Move Toward Visa-Free Travel

Russia and the European Union agree on moves towards visa-free travel (
Advances towards visa-free travel depend on the implementation of a number of "common steps" such as introducing biometric passports and preventing illegal migration.

"This decision has clear potential benefits to our citizens and for people-to-people contacts," said European Commission President José Manuel Barroso, who participated in EU-Russia summit. "But this will probably not happen next year."

Russia pledged to give at least €7.5 billion ($10 billion) to help indebted eurozone countries via the International Monetary Fund. Previous statements from Moscow had indicated $10 billion would be the upper limit.
Biometric passports offer governments a way to increase confidence in the travel documents they issue.

Medbox, Inc. Has Acquired Prescription Vending Machines, Inc

Press Release
Prescription Vending Machines, Inc. was founded in 2008 and has generated revenues of over $6 million since 2010. The company sells and services a patented biometric medicine dispensing system that can dispense a wide variety of medicine and is sold to traditional pharmacies, doctors' offices, hospitals, urgent care centers, and alternative medicine clinics.

Earlier post on MedBox

Thursday, December 15, 2011

Government Information Security: Q & A

Ilias Chantzos, Senior Director, Government Relations, EMEA & APJ, Symantec, discussed with Mehak Chawla the Indian government’s seriousness with regard to cyber security and how the era of multiple devices was changing the way that information needed to be protected.

These questions were formulated and answered from an Indian perspective but the issues under discussion have far broader applicability.

Here are the questions. The answers are at the link.

♦ What kind of threats does a government face when it comes to cyber security?

♦ In India, we are now seeing a trend towards mission critical activities such as the elections going online. How do we deal with the threat scenario in such cases?

♦ What’s the state of cyber security within the Indian government in terms of implementations?

♦ Is a comprehensive policy on cyber security emanating from the center, the need of the hour?

♦ It is the era of convergence and there are many devices accessing the networks of organizations. What are the risks associated with this and how do the governments deal with the same?

UK War Medalist Charged with Biometrics-Related War Crimes

UK War medalist charged with "Mutilation" for collecting battlefield biometrics the really hard way (PressTV)
The 25-year-old lieutenant, a lower-ranked soldier, and a captain are charged with cutting the fingers of a Taliban member who was killed in an Apache chopper air strike in the Afghan province of Helmand.

The Director of Service Prosecutions is investigating the case.

The three apparently ruthlessly severed the fingers of the dead Taliban fighter for finger printing after they failed to do so with a biometric camera allegedly under sustained hostile fire.

The three have claimed their action should be considered a mistake as they were “in the heat of battle.”
Other notes:

The alleged victim was allegedly dead at the time of the alleged incident.

One of those allegedly involved earned the Military Cross.

Macedonia and Albania sign agreement on mutual trips of citizens

It's all Bi-Lateral, these days (
Foreign Affairs Minister Nikola Poposki and Albania's Deputy PM and Foreign Minister Edmond Haxhinasto signed Wednesday in Tirana an agreement amending the treaty signed between the Macedonian government and Albania's Council of Ministers on mutual trips of citizens, MIA's correspondent has reported.
Biometric technologies make these agreements much easier to negotiate, implement and comply with.

France: Ex-president Chirac Guilty of Corruption in Ghost Worker Scheme

Given a two-year suspended jail sentence (France24)
Former French president Jacques Chirac was given a two-year suspended jail sentence on Thursday after he was convicted of embezzling public money to finance his political party.

Sentenced for creating fake civil service jobs while he was mayor of Paris between 1977 and 1995, Chirac is the first former French President to be convicted of a criminal offence since the Second World War.
It seems that money most often motivates the creation of ghost armies of public workers. For Chirac, diverting public funds to his political operation accomplished much the same outcome.

Developing nations aren't the only ones that can help safeguard democracy using biometrics.

Malaysia: Hunting Illegal Resident Identity Fraud

Malaysia launches manhunt to track 3,000 foreigners (msn - India)
Malaysian authorities have launched a nationwide manhunt to track down almost 3,000 foreigners possessing either more than one identity or travel document, and with some of them reportedly having criminal records.

The country''s Immigration Department discovered their presence when scrutinising its files before beginning the biometric system database for all the legal and illegal workers.

"We are working closely with the police and Interpol to trace and arrest them," Immigration director-general Alias Ahmad said.
This story represents an interesting continuation of Malaysia's efforts to assert more control over its international borders and the presence of foreigners within those borders. We have followed Malaysia's use of biometric technologies in tese efforts for some time.

On a more humorous note, the man in charge of tracking down 3,000 individuals with multiple travel documents is named Alias.

Other posts on Ghost Workers

Nigeria: Ghost Police Pensioners Collect Over $6 Million a Month

N1 Billion Paid to Ghost Police Pensioners Monthly - Ngozi (
Finance Minister Ngozi Okonjo-Iweala said yesterday that government has uncovered about N1 billion paid to unidentified police pensioners every month.

The discovery was made after a biometric data exercise conducted on police pension fund, the minister said in Abuja at a press briefing on the 2012 budget breakdown.
A billion Nigerian Naira = 6,168,080.18 USD

In 2010, Nigeria received a total of $614.7 million in U.S. foreign aid.

So, an amount equal to 12% of the foreign aid Nigeria received from the United States in 2010, went toward paying ghost police pensioners, which must represent only a fraction of the total number of government pensions being paid.

The amount of money lost to corruption among the world's developing countries is truly staggering. It is one of the main contributors to global poverty and misery. Biometrics can help.

See also:

Slate: How Biometric IDs Will Help Developing Countries Fight Corruption and Bust Fake Workers.

Other Nigeria posts

Wednesday, December 14, 2011

This is What a Fingerprint Template Looks Like

This is an actual template created using one finger, an off-the-shelf fingerprint reader and their freely-circulated software development kit (SDK). It consists of 800 hexadecimal characters.

Confident Technologies offers 5 authentication predictions for 2012

5 authentication predictions for 2012 (Help Net Security)

1. BYOMD (bring your own mobile device) will spell big trouble for businesses in terms of data loss in 2012.

2. There will be a large data breach (reminiscent of the Sony online gaming breach of 2011) which will finally cause organizations across many industries to realize they cannot rely solely on passwords to protect user accounts.

3. Targeted Variations of Zeus-in-the-Mobile style attacks will grow.

4. Smart devices enable smart authentication: image-based authentication, biometrics and more.

5. Retailers and mobile payment providers will lead the adoption of new mobile authentication techniques in 2012.

More fulsome elucidation of each point at the link.

Slate: How Biometric IDs Will Help Developing Countries Fight Corruption and Bust Fake Workers.

I’ve Got My Eye on You (
Call 2011 the year of the biometric ID. Once the territory of high-security enclaves and spy novels, identification by iris scan, fingerprint, and other unique physical features has now become de rigueur around the world—especially in India, whose program to ID every citizen has been the subject of almost giddy reports about the technology’s potential to democratize society. The New York Times described India’s biometric database as “building real citizenship” for the first time. Wired emphasized how biometrics can finally bring the disenfranchised into the formal economy. The New Yorker detailed the necessity of IDs for the poor in accessing formal savings opportunities.

But entirely underemphasized is another major upside of biometric IDs and the shift to electronic payments: solving the ghost-worker problem.
Slate has a great article on using biometric ID management technologies in developing countries to help interrupt the corruption-poverty feedback loop.

The themes, and even some of the article's linked material, will be familiar to regular readers but the article contains detail on specific implementations and makes a compelling case for more widespread adoption.

Other posts on Biometrics & Development

Tuesday, December 13, 2011

Bangladesh Moves to Close Gaps in Law Enforcement Information-Sharing

Highly-sophisticated criminal database to facilitate law enforcement (The Daily Star)
Following the arrest of a person, law enforcers now would be able to know when, where and why the person was arrested earlier (if arrested earlier). Once launched, it would prevent arrested criminals, pretending to be innocent, from deceiving the law enforcers, he said.

Criminals, especially militants, use fake names and addresses, making the task for law enforcers -- to arrest and identify them -- very difficult. “Here, the database would work as a deterrent to the criminals,” he observed.

Earlier, Rab only kept fingerprints of arrested criminals for the Automated Fingerprint Identification System.

A total of 200 Rab personnel were trained by the experts of Tiger IT Bangladesh Ltd to gather biometric information and other data. Those trained personnel are now working at all the 49 camps of total 12 Rab battalions across the country.

Unique ‘Listening’ Technology Enables Joint Venture to Tackle Widespread Fraud Issues

That doesn't sound like my signature (Press Release)
This partnership was formed to commercialize a Rolls-Royce developed signature verification technology called SignHear in several markets including healthcare, retail banking and child care security.

SignHear dynamic signature verification by Alaris is a biometric technology that verifies identity by analyzing the unique sound patterns created by an individual’s written signature. These sounds are captured and analyzed by a patented algorithm that generates an acoustic signature template unique to each user. The technology was originally developed by Rolls-Royce to run quality tests on jet engine blades. By firing a sound impulse into a blade and analyzing the resulting wave patterns, engineers were able to determine if any structural faults or anomalies were present.

Battle Tested Information Technology Applied to Local Law Enforcement

Sheriff's deputies to get battlefield-tested technology (Los Angeles Times)
At a total cost to taxpayers of $20 million, Raytheon Co. promises to deliver technology that will enable deputies on the road to sort through key intelligence information in mere seconds, where it once took hours or days. In a single roadside stop, they'll have the ability to run a background check using a searchable FBI database — or pull up a suspect's mug shots or even obtain biometric data, such as fingerprints — on the spot.

Technology once reserved for analysts in sheriff's stations is being taken by deputies as they investigate crime scenes, chase down suspects and answer calls for help as the need for on-the-spot data becomes more urgent in sprawling urban areas.
Technology finding its way from distant battlefields and into our everyday lives is nothing new, and with cuts to the U.S. military budget widely predicted, it shouldn't be surprising that the companies who have developed all sorts of information technology for use in the wars in Iraq and Afghanistan would seek to sell those products into new markets.

Technology that improves efficiency for local law enforcement organizations may get a lot more attention if the budget cuts expected by the Defense Dept. begin to confront big city police departments like the LAPD in Los Angeles.

Aviation Industry Researchers Predict Major Airport Overhauls Over the Next 15 Years

CAP Strategic Research predicts major overhaul of airports (

CAP has compiled a "white paper" based on interviews with over 60 airlines worldwide, 25 major airports and 5,000 interviews with airline passengers.

It predicts that by 2025...

♦ Airports around the world will operate 24 hours a day.

♦ Check-in desks will be a thing of the past, replaced by online or self check-in kiosks at the airport.

♦ No check-in luggage either - aircraft would need to be redesigned to accommodate larger baggage compartments, or passengers will need to ship larger baggage.

♦ Some travellers will be able to bypass security checks under a "Trusted Traveller" category using a biometric security pass to access a special automated lane.

Faster, please.

Today's UID NPR News

The UID-NPR conundrum (
UIDAI has consistently said its goals are to help eliminate fake and duplicate beneficiaries from welfare schemes and to provide IDs to millions of the poor and migrants.
NPR’s purported goals are internal security and curbing illegal immigration.
Nilekani Says UID Project on Track (Wall Street Journal)

First, this perspective on the political machinations:
Last week, a parliamentary committee led by a member of the opposition Bharatiya Janata Party looked set to recommend, largely on these grounds, that lawmakers reject a bill that would give parliamentary backing to the project. Parliament’s approval of the bill, while not required at this stage, could enhance the project’s legitimacy.
Then, a prediction:
But the program is unlikely to be dropped, especially as policy inaction, most recently the retail FDI debacle, raised questions about the government’s ability to get things done. The ID program is one of Prime Minister Manmohan Singh’s pet projects and Mr. Nilekani remained confident the project would go ahead. He said Aadhaar would “definitely” happen and that “the question is who will do the enrollment” after the current phase is completed.
Both linked articles contain much more useful information and compliment each other well.

Monday, December 12, 2011

Taiwan’s passport holders urged to go biometric

E-passport increases security and speeds up immigration procedures (
The Ministry of Foreign Affairs (MOFA) urged Taiwan passport holders on Friday to change their passports to biometric ones, saying the conversion would make it easier for Taiwan to gain visa waiver privileges in countries around the world.

India: Future of UID Under Debate

Spike the UID project (Daily Pioneer)

Don't spike UID project; it's doing well (Daily Pioneer)

'UID', Losing Its Own Identity (Silicon India)

Much at stake for tech sector in UID project (Economic Times)

Friday, December 9, 2011

India: More on the Setback for Nandan Nilekani's UID scheme

In another blow to the UPA today, a parliamentary committee has rejected the bill which creates the Unique ID card or aadhar scheme that's being orchestrated by former Infosys head, Nandan Nilekani. The PM's vision, entrusted to Mr Nilekani, was for every Indian to receive a card bearing a 12-digit ID which will be stored in a central database and linked to the individual's fingerprints and other biometric data.
The article's comments are interesting.

Plus this less pessimistic view at
In a move that reflects resistance to the government’s high-profile project to provide identity numbers so that, among other things, social welfare programmes can be better directed and financial inclusion gets a boost, a parliamentary committee has asked that the relevant draft Bill be reworked.

The National Identification Authority of India Bill, 2010, will be sent back to the government for redrafting by the parliamentary standing committee on finance headed by senior Bharatiya Janata Party (BJP) leader Yashwant Sinha, which was studying the proposed legislation.

Biometrics Market Resilient Compared to Other Industries

Biometrics: A Global Strategic Business Report (Companies & Markets)
However, given the length, breath and duration of the 2007-2009 recession, the cumulative 12.1% decline in growth during the period, in fact highlights the relative resilience of the biometrics market in comparison with other industries, which witnessed acute and prolonged erosion in growth. In other words, despite the aforementioned deceleration in growth momentum, average annual growth when viewed in isolation, was still a healthy, indicating that the slowdown actually doled out its fair share of opportunities in this space in the form of increased crime rates and thereby increased incentive for investments in these technologies. For instance, recession induced consumer loss of confidence in financial institutions, surging crime rates in most urban and private residential areas, shattered confidence in public safety agencies and law enforcement departments, have all necessitated high-level security arrangements.
And (Press Release)
The United States is the largest biometrics market in the world, and the Asia Pacific region is one of the most rapidly growing markets. The Asia Pacific biometrics market is set to grow at a compound annual growth rate of 23.8% to 2017. In terms of individual subsectors of the biometrics market, the iris / retinal scan segment is the fastest growing, set to grow at a CAGR or 26% to 2017.

Ghana: Electoral Commission Urged to Adopt Biometric Voter Verification

EC urged to do biometric verification (Modern Ghana)
Representatives of political parties and religious leaders in the Upper West Region have called on the Electoral Commission to reconsider its position on the issue of biometric registration and verification.

This is because they believe it is one major way of ensuring free, fair and transparent elections in 2012.

Las Vegas: DMV Clerk Pleads Guilty to Federal Bribery Charge

DMV Clerk Pleads Guilty To Bribes For Licenses (CBS Local)
Authorities say she used third parties to recruit customers who didn’t have identifying documents, and typically charged $1,500 to $3,000 for each license. A plea agreement says she issued about 214 licenses illegally between February 2010 and April 2011.
On Wednesday, it was New Jersey.

Thursday, December 8, 2011

Bilateral Travel Agreements: The U.S.& Switzerland Make Sausage

Laws are like sausages, it is better not to see them being made.
— Otto von Bismarck

Otto von Bismarck was neither Swiss nor American nor would he have been surprised to read the article describing the negotiations over law-enforcement information sharing between the two nations.

Swiss media report USA could re-introduce visas (
     The US and Switzerland have been negotiating data sharing since 2007.

Ottawa, Washington launch billion-dollar border security plan

Few surprises in the action plan released Wednesday (
Stephen Harper and Barack Obama are calling it the dawning of a new day in Canada-U.S. relations: a border security pact that includes a controversial new entry-exit system for crossing the 49th parallel.

India: Parliamentary Panel rejects UIDAI Bill

Home Minister reports that UID enrollments can be done without any checks (IBN Live)
There has also been a serious showdown between the Registrar General of India and the UIDAI on whether the Aadhaar data that includes photographs, fingerprints and the iris can be used for the National Population Registrar in its present form.
This is interesting in light of Tuesday's post: India: How Much Fraud is Acceptable in NPR, UID.

Wednesday, December 7, 2011

New Jersey: 40 Arrested in Drivers License Conspiracy

Criminal ring sold illegal digital IDs, authorities say (
The defendants allegedly conspired in schemes in which brokers and Motor Vehicle Commission clerks sold New Jersey digital driver’s licenses to customers who did not have the required six points of identification, the release said. In some cases, the customers, who are foreign nationals, did not qualify for a license because they were in the U.S. illegally. In other cases, they lacked sufficient documentation.

The customers paid between $2,500 and $7,000 for a driver’s license or license renewal, and the MVC clerks and brokers split the proceeds of the illicit sales, the release said.

NY: Washington County Seeks to Control Costs with Biometric Time & Attendance

Audit targets lax practices at Washington County (
Employee payroll expenses, overtime and benefits accounted for about 42 percent of the county's $112 million spending plan in 2010.

UK: Post Office wins biometric collection contract

Network of about 100 locations from the spring of 2012 (The Guardian)
The Post Office has won a contract to take photographs and fingerprints of foreign nationals seeking biometric residence permits (BRPs).

Immigration minister Damian Green announced the plan as part of a package of measures, also including an online checking service for employers, aimed at reducing the number of illegal workers in the UK. They are included in the draft Immigration (Biometric Registration) Regulations 2012, which will complete the roll out of BRPs to all foreign nationals in the UK applying to extend their stays to more than six months.

New NIST Biometric Data Standard

New NIST biometric data standard adds DNA, footmarks and enhanced fingerprint descriptions (
"The additions to this version of the standard represent a great leap forward," said NIST Biometrics Standards Coordinator Brad Wing. The capabilities of the system have been greatly expanded from that of matching a fingerprint, facial image or iris sample collected directly from a live person and comparing it to samples previously stored in a database. New types of biometric data—DNA and plantars/footprints—were added as well as updates to existing record types.

This is the first international standard for the exchange of DNA data. DNA can be used for criminal case identification, such as in a rape case, or in a forensic setting to identify victims, such as those in a plane crash, where it is necessary to have an original DNA sample from the victim, or establish kinship by taking DNA samples from purported relatives. The standard handles both types of cases.
The full article will appeal to technical readers. If that doesn't satisfy your thirst for detail, the full publication of the standard can be found here:
Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information [pdf]

Tuesday, December 6, 2011

SecuGen Obtains Permanent Injunction Against Suprema Distributors and OEM Partners in Patent Infringement Lawsuit

Press Release
The United States District Court for the Northern District of California has ordered that Suprema distributors and OEM partners RBH Access Technologies, Inc. and RBH USA, Inc. are permanently prohibited from importing, offering for sale, distributing or selling within the United States products that incorporate non-licensed Suprema fingerprint sensors, including RBH-BFR-200-S, RBH-BFR-200-M, RBH-BFR-300-S, RBH-BFR-300-M, and RBH-BFR-USB.
SecuGen has alleged that optical fingerprint sensors made by Suprema Inc. and incorporated into biometric security products by Suprema and its distributors and OEM partners willfully infringe SecuGen’s patent, U.S. Patent No. 6,324,020, issued in 2001. This patent covers core imaging technology that SecuGen has developed to produce optical fingerprint sensors that are used in biometric security applications, such as door locks, time & attendance, access control, and labor tracking systems.
Earlier posts on this subject:
MONDAY, JULY 18, 2011

h/t @m2sys

Cleveland: Mayor & Union want fingerprint time clocks at firehouses

Mayor wants fingerprint time clocks at Cleveland firehouses (Fire Rescue 1)
The move follows an internal city audit, released in mid-November, that found some city firefighters collected pay for hours they didn't work, including one man who collected two years of pay while working a total of 11 days. Auditors also found that some firefighters failed to record sick time and violated the city's bereavement policy.

Officials representing Cleveland Fire Fighters Local 93 said late Friday they support the city's decision to install time clocks that read fingerprints.

"The city is still operating under archaic conditions," said Joseph W. Diemert, a lawyer for the union. "To monitor — clock in and clock out — is something that the guys think is wonderful and a good thing to do.
 Clocking in: A sign of changing times (Fire Rescue 1)
While I think it is uncommon, although certainly not unheard of, for firefighters to formally clock in and clock out of the fire station, I wonder if this story is a sign of changing times (pun intended), or an isolated response to a local situation?

As you can see from the story, and perhaps contrary to what you might think, both labor and management agree on the proposal to install biometric timeclocks in Cleveland firehouses.

And why wouldn't they?

Two-Part Interview with Special Agent David Cuthbertson, Assistant Director of FBI's Criminal Justice Information Services (CJIS) Division

What are some of the division’s main programs?

Does CJIS share information with partners outside of law enforcement?

Given the vast number of records in CJIS databases, how do you safeguard Americans’ privacy and civil liberties?

Since its creation in 1992 as the FBI’s central repository for criminal justice information, CJIS has experienced tremendous growth. To what do you attribute this success?

How has technology contributed to the success of CJIS?

CJIS has a number of biometrics initiatives. Can you explain them?

What else can we expect from CJIS in the future?
More from Special Agent Cuthbertson...
FBI Plans WV Biometrics Tech Center (TechWeb)

Indonesia: ID, E-ID and Ministerial Competence

E-ID: Ambitious but ambiguous mega project (The Jakarta Post)
A 16-digit NIK serial number is used to identify one person among 237 million Indonesian citizens. It is a digital identification number for every resident that can facilitate services related to immigration, taxation, banking, insurance, population census for elections and ID cards. In other words, NIK is a basic citizen administration database used in several administration documents.

Regarding the main advantage of the program, the ministry argues that the electronic card, which is embedded with an eye biometric system and fingerprint detection will guarantee that every Indonesian citizen will hold only one ID card, because no one can share similar irises or fingerprints. It is true that every fingerprint and iris is unique, but it does not always mean that double citizen cards cannot happen.

Nevertheless, there is always a chance for a person to hold double or triple ID cards because the NIK system in the country remains in a mess.
The previous post deals with acceptable rates of inaccuracy in the determination of an individual's identity in a biometric national ID program. The above article invites questions about how much government inefficiency can be tolerated in the data collection.

India: How Much Fraud is Acceptable in NPR, UID

Home Minister expresses concern on UIDAI data collection process (Deccan Herald)

It's hard to read the above linked article as other than a continuation of the rivalry between the National Population Register (NPR) being assembled by Home Minister Chidambaram and the Unique ID (UID) Project being conducted by UIDAI and its chairman, Nandan Nilekani. The two organizations have overlapping mandates and heat generated between the two has been vented through the press before.

But a very interesting question is concealed within Home Minister Chidambaram's statements.

Home Minister Chidambaram says:
"The data collected by multiple registrars of the UIDAI does not meet the degree of assurance required under the NPR from the point of view of internal security," he said.

The Home Minister said the UIDAI process of enrolment is based on production of documents and, in the absence of documents, through an introducer based mechanism. It was due to the fact that document based systems are not feasible in rural areas especially among the poor, illiterate, landless and women.

"If the UIDAI process is to be introduced in NPR, it would lead to large scale exclusions. The possibility of inclusion of non-usual residents in the local register and the creation of false identity profiles is also real. This would defeat the purpose of creation of NPR. There are also a number of legal, technical and practical issues that makes it difficult to accept data collected by other registrars," he said in the letter.
So, how do you go from a situation where you have a billion people and no rigorous ID management to a system where everyone has a permanent, singular, legally-enforceable, government-backed identity?

Answering two other questions will help answer the first.
How much time and money can be spent?
What error rate (level of deception) is tolerable?

India has (hundreds of?) millions of people without ID resulting in a social welfare system that is rife with corruption and an entire underclass that lacks access to the tools that allow for social mobility and the enjoyment of basic rights. Some of the individuals lacking ID don't even know all the information that will be asked of them in obtaining an ID document.

What is your date of birth?
Where were you born?
What is your father's name?

I don't know.
When this is the real root of the problem (and Chidambaram acknowledges this with his mention of the poor, illiterate, landless and women) how much worry about the "inclusion of non-usual residents in the local register and the creation of false identity profiles" is appropriate?

Bringing full citizenship rights to poor, illiterate landless Indians brings with it a near-certainty that full citizenship rights will be conferred upon some number of poor, illiterate, landless non-Indians living in India. Is it worth it?

Creating an identity profile for people who lack the details required to create a rigorously complete identity profile means that the system will be open to some measure of deception. If a person has no ID and must be trusted to provide information to obtain an ID, they can either err or lie in the information they provide. How much error/deception is acceptable?

Even with unlimited resources and unlimited time, something both NPR and UID lack, imperfection is guaranteed.

The saving grace is that through database de-duplication, everyone only gets one ID. What was fluid solidifies.

So, yes, some sort of illegal resident amnesty and opportunity for "individual self-reinvention" is going to happen as a result of either the NPR or UID. This must be balanced against the known ills associated with the lack of a functional ID management infrastructure.

The existence of NPR and UID means that these questions have already been answered. Lots of money is available. Reasonable efforts to prevent wholesale fraud will be undertaken. Some abuse will happen, but it's worth it to both bring huge numbers of poor people into the system and to make a sharp break with a past where poor ID management made it too easy to operate invisibly for any purpose whatsoever.

There may be a real difference between the auditing processes used by NPR and UID. NPR's may be more rigorous and, in the view of Mr. Chidambaram, superior. Fortunately, the truth will come out. The expenditures of both efforts will be known. The number of credentials issued by each will be known. And at some point, it will be possible to compare the two systems to each other both in terms of their efficacy and their cost.

Lots of News Out of India Today

More biometric machines for NPR (The Hindu)

Tiruchi Residents can get Aadhaar card from head post office (The Hindu)

Welfare payments: Why Jharkhand's initiatives are relevant for all of India (Economic Times)

Home Minister expresses concern on UIDAI data collection process (Deccan Herald)
Much more on this one in the next post (above).

Ghosts in Ghana

600 government workers aged between 60 - 110 years (Modern Ghana)
In the morning, the motion in Parliament on November 16, for the approval of the 2012 budget statement, the Minister of Finance and Economic Planning, Dr. Kwabena Duffour said; “as part of fiscal consolidation policy, government is undertaking a biometric registration of all pensioners and active employees on government payroll. The resultant database would be used for all future payments of wages, salaries and pensions in the public sector.”

Dr. Duffuor said the exercise which had been completed in the Eastern, Volta, Central, Western and Greater Accra regions, indicated that 29,563 representing 41 per cent of all pensioners could not be accounted for and could be described as ghost or non-existing names.

Monday, December 5, 2011

Malaysia 6P Foreign Worker Registration: After Amnesty, Bosses Face Fines and Jail Time

Bosses who fail to register workers may be jailed or fined (The Star)
Bosses who failed to register their foreign workers under the recent 6P amnesty programme face up to 15 years in jail or a fine of up to RM1mil under the Anti-Trafficking in Persons Act.

State Immigration director Nasri Ishak said the department was currently carrying out raids at work places and foreign worker enclaves to comb for errant employers.

“We have caught several employers in Johor Baru, two of whom have more than 100 foreigners working for them. The others have about 20 to 50 workers,” he said after attending the department's open day here yesterday.
The 6P program involves the biometric registration of all foreign workers in Malaysia and an amnesty component. The thinking seems to be that among those who did not register, there may be something illegal about the character of their employment separate from their status with the State Immigration Department.

Malaysia, according to this interactive map, is a Tier 2 country with respect to the U.S. Trafficking Victims Protection Act (TVPA). This status means that (according to the U.S. State Dept.) Malaysia does not fully comply with the TVPA’s minimum standards but is making significant efforts. 6P is one of these efforts.

Canada: New e-Passport Lasts Longer

New electronic passports to have longer lifespans (The Globe and Mail)
The new passport will contain a photograph but not biometric data such as fingerprints or iris scans.

Adults will be able to choose between a five-year passport and one valid for 10 years but children will only be able to get the five-year document.

“The goal of the validity period of 10 years is not to reduce costs but to be more convenient for Canadians, to get Canada to the same level as a growing number of countries such as the United States, France, the United Kingdom and Australia,” said Monique Boivin, a Passport Canada spokeswoman.

She said about 80 countries issue e-passports and “Canada is the only G8 country not to issue electronic passports to the general public.”

Boivin said Canada chose not to include fingerprints and iris scans in the passport to comply with the standards of the International Civil Aviation Organization.

“Right now the ICAO standard is the facial image,” she said.
A passport, whether or not it contains fingerprints and iris scans, contains biometric data. A photo, gender and date of birth are just some of the biometric details required on the passport application [pdf]. Another form of ID, which will also contain plenty of biometric information, is also required.

Even when no software is applied to the problem, biometrics often make up a part of the ID management process. In this case, a border agent will look at the Canadian passport's printed photo, scan the chip and look at the electronically stored photo and look at the person who handed her the document. If all three match and are consistent with the passport's other information, a high-confidence identification has been made.

People are remarkably good at this type of facial recognition problem and border agents are trained at it, to boot.

Friday, December 2, 2011

Some Wasps are Pretty Good at Facial Recognition

Earlier this week I posted a brief item on how humans and software differ in their approach to face recognition: Facial Recognition vs Human & Facial Recognition + Human

It turns out that certain wasps that live in hierarchical social situations are pretty good at facial recognition, too.

Wasps Can Recognize Faces and Remember Them for a Week (
The findings, which adds to the list of amazing abilities social insects have, offer insight into how animals become good at specialized tasks. The study also touches on a raging debate about how and why humans are so attuned to sets of eyes, noses and mouths.

The wasps are "phenomenally better at learning wasp faces than anything else we tested them on," said Michael Sheehan, a graduate student in evolutionary biology at the University of Michigan in Ann Arbor. "They're not just good at faces. Like people, the way they learn faces is different from the way they learn other images."

h/t @HodgeBarry

Thursday, December 1, 2011 Includes a Facial Recognition Tool for Parents of Facebook Users

German offers parents more control over children's Facebook accounts (Yahoo! News)
Among the features offered is photo monitoring which uses biometric face recognition to scan the social network for pictures of the target profile, even if not tagged. The service offers privacy setting suggestions and informs about unsafe links popping up in friend network. Interactions between friends can also be monitored, as well as apps and pretty much all activity from new friends, to liked pages or check-ins. Past data and events can be compiled and analyzed if needed.
Biometric technologies can be protective or corrosive of privacy.

What I find interesting about this story is that seems to be a nearly identical use of facial recognition technology to the one that has been attracting a lot of negative attention to facebook.

The difference is in who controls the information gathered with the help of the technology.

It's not the tech; it's the people.

Malaysia: 2.3m Foreigners Register Under 6P Programme

The 6P programme covers registration, legalisation, amnesty, monitoring, enforcement and deportation (The Malaysia Insider)

Earlier posts on Malaysia and 6P

Tuesday, November 29, 2011

(Facial Recognition vs Human) & (Facial Recognition + Human)

Terrorists picked out in a crowd by cameras that can beat human eye (This is London)
Mr Bada was given five minutes to memorise 30 faces before six of the subjects mingled with crowds at Charing Cross railway station and walked past a fixed point.

The Met expert was able to pick out two while the Face Alert camera spotted four. Tim Noest, the managing director of Lodge Service Intelligence which makes Face Alert, said two of the faces were obscured by crowds.
Humans are awesome at ID management among people they know. The processes people use to identify people with high confidence are extremely complex and may take into account gender, age, gait, time, posture, scent, sound, weight, location and countless other details processed simultaneously and without necessarily involving a lot of conscious effort. People, however, aren't very good at identity management among large numbers of people they don't know.

In biometrics, software takes in a mere fraction of the information people use and it doesn't make any inference about it. It treats the problem in a way that closely resembles Nikola Tesla's famous critique of Thomas Edison.
“If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found the object of his search.”
When dealing with people we don't know, humans are relegated to the needle-in-the-haystack process. Even if you believe that computers aren't very good at recognizing people this way, they're better at it than people are.

When biometric software is used to sort a large list by the probability of a match, then present the list to a human such as Mr. Bada, the results can be impressive indeed.

h/t @Allevate

Management Lesson from Nigeria

Biometrics, Ghost Workers, ROI and Sharing the Savings (Vanguard, Nigeria)
It must be recalled that members of the National Union of Electricity Employees, NUEE, had initially opposed the biometric data capturing system introduced by the government, and threatened industrial action if the measure was carried out. The union, however, rescinded its decision after reaching fresh agreements with government on Thursday, regarding the payments of the 50 percent salary increases for electricity workers.
The Federal Government has directed the PHCN management for the first three months of the 50 percent hike in salary, adding “this singular action has cost the entire labour movement an enormous stock of goodwill, as it is so embarrassing and brazen.”

He said that between 30 and 40 percent of the workers in the federal service has been discovered to be fake, since the Federal Government last year directed all ministries, departments and agencies to conduct biometric data verification which entails collection of photographs, thumbprints and staff numbers of employees.
I've used this space over and over to contend that the proper measure for the success of a biometric deployment is not perfection; it's return on investment (ROI).

The reason that so many of the early applications of biometric technology to business processes have been in time-and-attendance systems is because the ROI calculation is pretty straightforward.

Applying biometrics to root out ghost workers in the Nigerian electricity industry should deliver a hefty ROI but it is important to realize that every time an organization saves money, someone who used to get paid isn't getting paid (or isn't getting paid as much) any more. In this case, some of the people receiving the salaries of the ghost workers may also be real workers, too, and their legitimate wages may be very low.

This type of arrangement may even have been met tacit acceptance by managers who had no other way to mete out salary increases but it also opens the door to abuse, theft and a loss of managerial control of labor costs.

Fortunately, cleaning up the payroll frees up the resources to make some people whole while severely curtailing large-scale abuse. Without the ROI biometrics affords, there aren't a lot of good options for addressing the problem without killing morale.

Fortunately, most businesses are not faced with a time-and-attendance challenge where 30% of paid staff don't actually exist, but the above example is instructive nonetheless.

Astute managers might consider setting aside some portion of biometric time-and-attendance ROI to smooth the transition from a system that had a little more slack built into it.

India: Biometric Information Sharing Network to Go Live in 2012

Crime and Criminal Tracking Network and Systems (CCTNS) by early 2012 (Times of India)
"With the CCTNS in place, all information will be available online. Information regarding fingerprints, unidentified bodies, missing persons, stolen vehicles, stolen arms, etc, will be just a click away. At present, if we need information about a suspect, we send intimations to our counterparts in other states. This is a time-consuming process," said Dhiware.
Networked biometric ID management infrastructure gives law enforcement officers a powerful tool to increase the likelihood that criminals can be brought to justice. This is good news for Indians.

The mention of unidentified bodies is worth noting, as well. It's a real, but often overlooked, problem. Biometrics, such as facial recognition, are being applied to cases that have been cold for 40 years or more. In fact, at SecurLinx we're working to help identify the body of a man (likely a U.S. Marine) murdered in the 1960's.

Monday, November 28, 2011

Face Rec & the Russian FSB

Here's a wide-ranging article about facial recognition in general and its use by the Russian security services.

Analysis - A Face In The Crowd: Russia’s FSB Is Watching You (Eurasia Review)
At the Commission for Modernisation, responsibility for the development of biometric systems is in the hands of Working Group No 4, ‘Strategic Computer Technology and Software’, headed by Andrey Fursenko.

But if you look at records of group meetings, it becomes clear that all proposals on the subject come from FSB representatives. For example, on 8 October 2009, when two projects were discussed – one the creation of an automated video system for detection and identification of targets in real time and the other concerned with voice recognition – the group was addressed by Yevgeny Maximov, deputy head of the FSB’s research establishment. Responsibility for both projects was given to the FSB and its director Alexander Bortnikov.

Biometrics In School Cafeterias

Most articles dealing with biometrics in a school cafeteria follow a set formula. This one is different. It covers biometrics, nutrition and other nuts-and-bolts aspects of managing a public school food service business.

Franklin County Elementary Schools Serve Up Modern Lunches (
Like other students, Kasey doesn't hand over a ticket to the cafeteria worker in charge of the cash register, or provide a $1 bill and coins. Every day, Kasey places his index finger firmly against a biometric finger scanner. His lunch number, name, picture and lunch stats pop up on the computer screen. That's how all F-M students pay.

Then, it's time to eat.

New Canada-U.S. Border Agreement to be Unveiled by Obama and Harper in December

Those who worked on hammering out the agreement over the past nine months are proud of it (The Globe and Mail)
It will harmonize a plethora of regulations and safety standards in the automobile, food and other industries. It will make it easier to obtain temporary work permits and a trusted-traveller document that will allow frequent crossers to skip the lineup at Customs.

Air, land and maritime inspections will be more fully integrated, and both sides will be able to more easily detect and deter cyber threats.

Tuesday, November 22, 2011

Ghana: On Again, Off Again Biometric Voter Verification is On Again

Biometric Verification is on (The Statesman)
Government and the Electoral Commission have finally yielded to both domestic and international pressure and agreed to compliment the biometric voter registration with biometric voter verification at the polling station in order to enhance the integrity of the 2012 elections.

DARPA’s Developing Sensors to Track You by Your Heartbeat

What will they think of next? (Gizmodo)
Doesn't matter if you're a ninja or a polar bear blinking in a blizzard—if you've got a heartbeat, this new sensor system will find you. It's called "Biometrics-at-a-distance" and does everything but smell your fear.

Saturday, November 19, 2011

Biometrics, Passwords & the Illinois Water Plant Hack Attack

Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says (Washington Post)
The Illinois report said that hackers broke into a software company’s database and retrieved user names and passwords of control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.
Stuxnet was used to attack the centrifuges used by Iran to enrich Uranium and it was most certainly far more than a Username/Password job. This attack, however, (if confirmed as an attack) is "Stuxnet-like" in that the attackers caused physical damage to machinery using only ones-and-zeros and the internet.

This is a big deal. Biometrics can help.

In networked biometric identity management solutions, the biometric sensor hardware is a part of the security. In a Username/Password regime, the hardware used, the keyboard, offers no additional security. A hacker gains access to the network using a keyboard to fill in the proper fields and she's in. If she steals a biometric or unencrypted biometric template (a long character string), she can't just type it in even if she finds the place in the programming that handles the template. In some ways the template is like a password that must come through the proper sensor.

In our water plant example, requiring biometric authentication to authorize turning the pump off and on would have dramatically increased the difficulty of the hack.

But even in a world saturated with biometric ID management applications, Username/Password verification will still be around. For one thing, people aren't the only things that claim an identity before accessing IT systems — computers do it, too, and they don't have biometrics. It's also a cheap, well-understood, flexible technology that supports certain access control models that biometrics does not.

The challenge that system-designers now face is to identify where using Username/Password is too dangerous, and where biometrics can be used to reduce risk to an acceptable level. This requires identifying everything currently authenticated with a Username/Password and a determining which of these things are more efficiently protected using biometric authentication, then implementing the change. This is far easier said than done.

Requiring biometrics for access to stored usernames and passwords would be a good start, though.

US: Banking & Facial Recognition

When financial fraud meets facial recognition, the jig may be up (International Business Times)
Chip McBreen, who leads fraud prevention and security at Members 1st Credit Union in Pennsylvania, has become a believer in facial recognition tools to stop bank fraud. He says the emerging technology has already delivered results for the institution many times.

"We had a case last week where we had a person come in with a fictitious drivers license, and we actually used it (the technology) to determine that wasn't the member," he says. "It allows me to search for it (the image) very quickly and produce that for law enforcement."
South African banks have been making big moves in their use of Biometric ID management technologies lately. The applications described in the article above rely on data possessed by the U.S. banks rather than stored in government databases.

Friday, November 18, 2011

E-gate system introduced at two Saudi airports

Airport E-gates: Yesterday Taiwan

Today Saudi Arabia
JEDDAH: Saudi Arabia has introduced the e-gate system at King Khaled International Airport in Riyadh and King Fahd International Airport in Dammam to facilitate the entry and exit of passengers.

"Those who want to make use of the electronic facility should approach the registration center at the two airports to get their e-gate cards," the Passport Department said in a statement on Saturday.

Officers at the registration center will check an applicant's identity and upload his/her biometric features (fingerprints and eye images) into the system before issuing the e-gate card with the applicant's photo.

Gambia: Old National ID Card Will Soon be Invalid

Card which was in circulation before the introduction of the biometric national identity card is declared null and void with effect from 31 December 2011 (TMCNet)

Nigeria: Government to Pay Increase Arrears Only to Those Biometrically Verified

A porous system that condoned corruption (next)
The Federal Government will pay the promised increase arrears of salary only to biometrically verified staff of PHCN [ed. Power Holding Company of Nigeria], Mrs Ibikun Odusote, Permanent Secretary in the Ministry of Power, has said.

Odusote made the position of the Federal Government known in a statement made available to the News Agency of Nigeria (NAN) on Thursday in Abuja.

She said funds for the arrears of the payment promised by Mr President was available and would only be paid to biometrically verified PHCN workers with effect from September.

Odusote explained that the present administration was ready to implement 50 per cent wage increase for PHCN workers, adding that government, however, noticed ghost workers that induced the wage bill increase.