Monday, February 28, 2011

More on Australian Politics and Gambling

Wilkie ready to play his ace (The Australian)
Precommitment involves gamblers compulsorily signing up to a system which will, at a nominated limit, shut off their ability to play the pokies. It would involve the use of smart card technology, although not with fingerprint or biometric ID, that would either turn off the machine, or enable the player to keep playing without paying.

To be effective, the card would have to work at every machine in every club. The clubs hate the idea, say it will cost thousands of jobs and slash revenue, and are gearing up for a massive fight.
It's becoming clear that this is all about politics and money and has little to do with helping problem gamblers and the privacy of Australians.

The most cost-effective way to help problem gamblers while respecting the privacy of non-problem gamblers would be the institution of an opt-in system for problem gamblers only. Such a system would provide little or no opportunity for identity theft.

It is our contention that backing up such a system with biometric identity management techniques would reduce fraud within the opt-in system to its lowest possible level at the least cost. Facial recognition would seem to be the preferred modality because for reasons both technical and cultural, it works well with non-habituated users in public areas.

Earlier Posts on this subject:
Biometrics shut out of Australian problem gambler program
Most Unfair biometrics article in a long time

Further information on security application categories and biometric deployments

Friday, February 25, 2011

Mobile Fingerprint applications for law enforcement

Technology gives cops new ammunition to ID criminals (Atlanta Journal-Constitution)
There’s a new tool in town for fighting crime. And some law enforcement agencies are wondering how they made do for so long without the RapidID, a fingerprint scanner about the size of a smart phone.

“It’s instantaneous information,” said Sgt. Lamar Hester with the Atlanta Police Department.

The RapidID units are used to take fingerprints, mostly in the field.

“It’s revolutionizing the way we do business,” said Vernon Keenan, director of the Georgia Bureau of Investigation, which led the pilot project testing the “mobile biometric fingerprint identification” units.
The confluence of biometric and mobile technologies is a really big deal.

There's also a discussion of the privacy aspects.

A biometric voter role for Zimbabwe?

Bankrupt ZEC requires US$240m for polls (TheIndependant.co.zw)
According to ZEC’s five-year strategic plan, the commission needs nearly US$94 million for the referendum, US$8,6 million for the delimitation exercise, US$20 million for the voters’ roll and US$117,45 million for the elections. The strategic plan was launched in the capital on Tuesday.
The US$94 million for the referendum includes money for pre-referendum preparations, voter education, election materials and conducting the referendum.
and
He said the key to achieving a free and fair election was to ensure “a new, biometric voters’ roll, a stable and secure environment, a credible electoral body with a non-partisan secretariat, a non-partisan public media, security sector reform and a referendum on the new constitution. We cannot have an election before we achieve these key milestones”.
Zimbabwe (CIA World Factbook)
$240 million is approximately $40 per voter and 5.5% of Zimbabwe's estimated 2010 GDP.

UPDATE:
Zimbabwe Prof Arrested, Tortured for Watching Viral Vids (Wired.com)
Mugabe is known as one of the most ruthless and vicious dictators in the world, and it appears he has managed to terrorize his own people sufficiently that the prospect of any sort of popular uprising is very remote.
It is difficult to see how a biometric voter registration system can, in the current circumstances, be of any benefit to ordinary Zimbabweans. The $240 million it will cost seems more likely to benefit antidemocratic rather than democratic forces.

Thursday, February 24, 2011

Most Unfair biometrics article in a long time

In this blog's early days, it seemed that few in the press understood biometric identity management technologies and some were willing to repeat any assertion made by those opposed to their adoption without the faintest hint of skepticism or critical judgment.

Thankfully, we have witnessed an incredible growth in the number of thoughtful, sincere and honest approaches to how this new technology fits into a world that values individual privacy, protects property and innocent human life and brings increased efficiency to the creation of wealth.

We have also seen how many journalists have publicized the role biometric identity management systems can play in extending these benefits to the world's less developed countries by fighting corruption, protecting the vote and enabling programs benefiting many of the world's poorest inhabitants.

This progress in the coverage of biometric technologies is to be celebrated because it furthers reasoned discussion and understanding and because it provides a contrast to the increasingly rare efforts of those whose work serves only to polarize, confuse and misinform.

One such article deserves a thorough examination:
The background is that Australia is contemplating a system requiring all gamblers to enroll in a smart card-based identification system. The stated objective is that this will allow the government to address the problem of gambling addiction.

Fingerprint scans ruled out of pokies reform plan (The Age, Australia)
We used this article as part of the informational basis for this post but its assertions deserve further comment.
BIOMETRIC identification, such as fingerprint scans, will not be used in the mandatory pre-commitment scheme for poker machines, quashing fears that punters' privacy would be breached.
This statement is false. A database of extremely sensitive information on everyone who uses a smart card will be kept regardless of whether or not biometrics are included. Quashed? Really? A system that respected the privacy of Australians would not collect private information on everyone whether they have a gambling problem or not. Collecting the data creates the risk. Collecting the data on everyone to protect the few, creates risks for everyone to reduce risk for a few. Biometrics have nothing to do with it.
Families Minister Jenny Macklin and independent MP Andrew Wilkie yesterday ruled out using biometric data, favouring a smartcard to limit the amount gamblers could spend on pokies in a session.
How? Who will set the limit? Wouldn't allowing problem gamblers to set their own limit mean that there are no problem gamblers?
The gambling and hospitality industry had warned that a biometric identification was dangerous and could lead to identity theft.
Forcing every customer to provide enough information to issue the card will expose far more people to the risk of identity theft than managing an opt-in biometric system for problem gamblers only.

The biometric information stored in a database is essentially useless for stealing an identity. Did your credit card application have a blank for your fingerprint, photo? No? Even if it did, someone who steals a biometric template cannot recreate an image of the body part used to create it. Did it have blanks for the type of information that will be required in order to issue the smart card; information such as name, address, date of birth, etc.? Yes?

Besides, who would steal the identities of opted-in problem gamblers? Only the stupidest identity thieves of all time. But a database of all gamblers could be an extremely valuable thing to hack.

In asserting that the nameless "gambling and hospitality industry" has deemed biometric identification dangerous, when effective is the better adjective, the article's author runs the risk of insinuating that business owners are sowing fear in the public in order to continue to profit from the illnesses of others. Is this what he intends?
Mr Wilkie's support for the government hinges on the mandatory pre-commitment scheme being implemented in 2014, which will need the support of the crossbenchers. ''This is a test of leadership for Julia Gillard but I think she is up to the task,'' Mr Wilkie said. ''I'm happy to rule out fingerprinting, retinal scans, any other sort of biometric system that might be out there and I agree with [Ms Macklin], Australians are very comfortable with cards.''
Alas, the real point of the article: Politics. Are Australians so comfortable with cards that they will hand over enough private information not only to track all of their gambling habits, but to build detailed accounts of much of their private lives as well as creating a new avenue for identity theft? Should they be?
The pokies reforms include a $250 ATM withdrawal limit at pokies venues, but yesterday Ms Macklin and Mr Wilkie said that there would be exemptions for small country towns whose only ATM is at the pub.
$250 per day = $91,250 per year without leaving the premises. You can always leave, get more cash and come back.
A meeting of the Select Council on Gambling, established by the Council of Australian Governments, will meet today.
Journalist writes lazy, one-sided article where:
An emerging technology is slandered;
Politicians grandstand;
Gambling businesses avoid a political fight;
Australian citizens have their privacy reduced;
Problem gamblers get no help.

Did I miss anything?

Biometrics shut out of Australian problem gambler program

Fingerprint scans ruled out of pokies reform plan (The Age)
BIOMETRIC identification, such as fingerprint scans, will not be used in the mandatory pre-commitment scheme for poker machines, quashing fears that punters' privacy would be breached.
Julia Gillard rules out fingerprinting under plans to win over Wilike (The Australian)
THE use of fingerprints and other biometric information has been ruled out under a promised poker machine pre-commitment scheme agreed by Julia Gillard to win the support of Tasmanian independent Andrew Wilkie.
Those implementating new gambling regulations in Australia have disqualified biometrics as a reasonable identity management tool.

The mistakes and misapprehensions are manifold.

Smart cards won't work. Could this be why the gambling and hospitality industry is supposedly for them? They won't work because without a biometric check it will be a simple matter to get as many smart cards as one wishes.

The $250 loss limit implied by the ATM limit will help only the most affluent problem gamblers. What percentage of people with gambling problems can be saved by capping their losses at $250 per day? That's up to $90,000 per year. Allowing/forcing gamblers to set their own limits will only benefit non-problem gamblers because, by definition, problem gamblers are incapable of setting limits for themselves.

The discussion of the proposed system and biometrics is too narrow. A system designed to protect problem gamblers does not require the credentialing of every customer. The only biometric modality ever considered was fingerprint. Facial recognition was never considered even though the cultural discomfort and privacy concerns are much lower.

Many politicians don't care about privacy or problem gambling. They care about news articles. The most serious threat biometrics pose to privacy lies in the security of the database in which the biometric templates are held. But if the database is insecure, the biometric information is the least of a user's privacy worries.

What gives away more privacy?

A string of binary gibberish that requires a special computer program to get to something that is still not a picture of a fingerprint, face, iris, etc.

OR

The complete narrative of your gambling habits including:
Name
Address
Dates of card usage
Time of card usage
Locations of card usage
Cumulative gambling statistics
Etc.?

You'll know that the government is serious about the problem of gambling addiction when it adopts biometric identity management techniques to address it.

Wednesday, February 23, 2011

India's UID poject opens up rural areas for economic development

Rural India catches fancy of IT vendors (ZDNet Asia)
The government, through its e-government initiatives, is emerging as a major driver for IT adoption. As part of its National E-Governance Plan project, the government has collaborated with IT companies to establish the National Information Infrastructure, where State-Wide Area Networks, Common Service Centers and State Data Centers are being established to provide connectivity and technology access throughout the country.
and
The Tripura Gramin Bank (TGB), for instance, opened several mobile bank branches to provide banking services in Indian villages. It issued biometric cards to disburse wages under the Mahatma Gandhi National Rural Employment Guarantee Act, as well as pension under the National Old-Age Pension Scheme (NOAP). The devices are equipped with a fingerprint verification system, allowing rural residents to withdraw their payment with a thumbprint impression on a touchscreen.
If India is to assume the role it envisions for itself in world affairs, it must push the digital economy out into rural areas. Moves like those described in this article would not have been possible without India's UID project whereby India is giving everyone in the country a meaningful ID backed up with biometrics.

India's population is 70% rural and 39% illiterate. Extending an ID to everyone can help bring the 70% into the modern economy; using biometrics can help the 39% who can't read make more meaningful use of modern services that are increasingly delivered electronically.

Monday, February 21, 2011

Nigeria Voter System and Implementation Update

In this post, we drew attention to two very interesting and important aspects of the Nigerian biometric voter registration effort.

The linked article inspired hope for a transparent election process. It also begged a few questions. Could Nigeria go from open source pieces to a functioning electoral system within acceptable financial, functional and time constraints? What led Nigeria to build its own technological solution, rather than purchase one? Would the technology be seen to be free from political influence?

This article from Vanguard (Nigeria) "How not to register voters: One election, one registration" sheds light on the first question. The article does expose some of the significant difficulties encountered in rolling out the biometric system, but it is also critical of the bureaucratic framework in which Nigerian elections take place.

The video at Millions register for Nigeria vote (Al Jazeera) also provides some insight into the other two questions while raising even more but the video is interesting and inspiring in its own right.

From the looks of it, the main architect of the system is Nyimbi Odero. During his interview his title is given as ICT Consultant, Electoral Commission.

Friday, February 18, 2011

Latest on Australia and problem gambler measures

Problem gamblers may have to face up to it (Sydney Morning Herald)
PUNTERS wishing to play the pokies at the pub could have their eyes, face or finger scanned under a bold plan proposed by a social welfare group to help problem gamblers.

The Tasmanian chief executive of Relationships Australia, Mat Rowell, said a biometric identification check would provide the greatest level of security and make it harder for problem gamblers to dodge limits.
Other posts on this topic:
A discussion of effectiveness
A discussion of modality (face v. finger)

Thursday, February 17, 2011

Feds Target Illegal Hires

Feds Target Illegal Hires (WSJ MarketWatch)
"In states where E-Verify is mandatory, there are still illegal workers," said Mr. Cerda, the immigration attorney. He argues that E-Verify must be linked to a biometric identity system to be effective.
For technical background see Tom Bush's white paper linked at this post.

Ugandan Electoral History is Made

Changing the Face of the Country's Elections (AllAfrica.com)
Operating under a shroud of suspicion, the Electoral Commission opted for the tested tool for transparency - the internet. Forget the cumbersome previous elections, the EC introduced biometric registration, complete with photo and fingerprint, to catch fraudsters, posted polling details via SMS to voters, and released the complete voter register online at http://www.ec.or.ug or http://41.210.167.106/nvr/. www.nvr.or.ug.
Many technologies have dramatically increased the power of the people to demand more responsive government. Biometric ID management techniques are one.

Wednesday, February 16, 2011

L-1 completes sell-off of business units

Purchase price $303 million (UPI.com)
The purchase price for SpecTal LLC, Advanced Concepts Inc. and McClendon to BAE was $295.8 million in cash and $7.2 million of certain assumed obligations for a total value of $303 million.
This is the other side of the Safran sale.

ID scrapping to cost taxpayers £2.25m in compensation

Around £2.25 million is to be paid out in compensation to companies (PublicTechnology.net)
The figure was confirmed in a letter from Immigration minister Damian Green to former Home Secretary David Blunkett, which included a breakdown of the compensation. More than £2 million of the total £2,253,000 compensation is to go to Thales (which will also pocket a further £400,000 for its part in decommissioning the systems and obliterating the personal data) while £183,000 will go to 3M, and £68,000 to Cable & Wireless.

We previously provided a figure of £400,000.

Tuesday, February 15, 2011

Important White Paper by Tom Bush

Reducing Illegal Employment through the Use of Biometrics: Options and Recommendations (pdf hosted at Bio-Key.com)

This white paper, detailing how to tighten up compliance with employment laws, has broad applicability to any decision on the adoption of biometric identity management technologies and we recommend it highly.

This is how it's done. There's a discussion of the status quo and why it is inadequate; there's a discussion of cost; and there's a discussion of differing modalities.

Some notes on Mr. Bush:
Retired from the FBI in 2009 after over 33 years of service.

Assistant Director of the FBI's Criminal Justice Information Services Division (CJIS). Initiatives included the Integrated Automated Fingerprint Identification System (IAFIS), the largest criminal biometric database in the world.

Following his retirement, he established a consulting business, Tom Bush Consulting, LLC. He currently serves as a Strategic Advisor for BIO-key International, Inc.

Monday, February 14, 2011

UK will delete hundreds of thousands of DNA profiles

DNA profiles to be deleted from police database (BBC)
Police hit delete on DNA profiles (The Register)

No word yet on whether or not the DNA hardware is in for the wipe, shred, incinerate treatment or whether that's reserved for the ID card database.

Friday, February 11, 2011

Doctor convicted of surgery to alter immigrant fingerprints

Sentenced to a year and a day in prison (Reuters AlertNet)
"A doctor from the Dominican Republic was convicted and sentenced in Boston on Thursday of offering to surgically alter the fingerprints of illegal aliens, the U.S. Department of Justice said. The case is one of a number of attempts in recent years to subvert the federal government's new biometric border security program, known as the Integrated Automated Fingerprint Identification System. Jose Elias Zaiter-Pou, 62, pleaded guilty of conspiring to conceal illegal aliens from detection by law enforcement authorities, by surgically altering their fingerprints in exchange for payment."
The doctor will be deported after serving his sentence. Two things come to mind:

I wonder if he will alter his own fingerprints.

Maybe they should throw iris or another modality into the mix.

Nigeria: Voter roles subject to public scrutiny

Voter verification begins Feb. 14 (The Punch, Nigeria)
“In fact, with most (not all) of the data now reported by the states, we have by this morning registered 63,981,460 Nigerians for the coming elections.

“I wish to appeal to all Nigerians to also come out in their numbers for the verification that will take place from February 14 to 18.

“The list will be displayed in all polling units during the period for the public to register their claims and objections.

“This exercise did not take place in the immediate past and that partly explained the problems of the old voter register.

“This is therefore an opportunity for people to deal with irregular entries in the register.
Nigeria, Africa's most populous country, is going to great lengths to insure a transparent election process despite significant challenges.

But this part is odd.
“In fact, the commission became a biometric equipment experimental laboratory. On software, we also found many shortcomings.

“Millions of Naira was spent on licenses for software manufacturers who were able to hold the commission to ransom by encrypting data and asking for even more money to decrypt data.

“Consequently, we decided to avoid this type of software peonage by developing our own in-house registration software based on the open source principle.”
I'd be interested to hear more about this. There are some open source algorithms out there but an algorithm is not a system. Most countries prefer to buy the service rather than create one for themselves.

Countries with high corruption levels and at a high risk of electoral violence could be courting disaster if the technology is seen to be in the hands of one party.

The rise of biometrics

Why isn't IT in South Africa leveraging the proven security benefits of biometrics? (ITWeb.co.za)
Make the investment, cut the losses. Simple as that.
Here's a straightforward case for corporate adoption of biometric identity management systems.

Thursday, February 10, 2011

UK biometric ID cards go up in flames

First step to tackle 'database state'? (The Independent)
Five hundred hard-disk drives and 100 back-up tapes, containing the personal details of early ID card applicants, have already been electronicaly wiped. They will be taken to an Essex industrial estate to be shredded and the remains burned in a factory furnace in Birmingham.
The ashes will then be collected and transported in a diplomatic pouch to the Baikonur Cosmodrome in Kazakhstan where they will be loaded onto a Soyuz rocket and launched into the sun.

Man Hubert of ID?NO! will accompany the ashes on their three month trip to the sun just to make sure that no one gets to them before they complete their journey. He has kept his plans for the ashes once he arrives there secret.

Mr. Hubert, said: "I have no doubt that there are those in Whitehall who will not rest until these ashes are reassembled."


OK, I made up all of that italicized text after the block quote.

It is possible, even relatively straightforward and inexpensive to destroy the data completely using only software. Or, you can go straight to the burning. The number, the complexity, and the geographic dispersion of the steps outlined in the linked article constitutes security theater. And as long as we're in the theater business, nothing makes for better spectacle than rockets and solar explosions.

As for the ID system itself, most British observers thought the government was going about the project all wrong. We, of course, followed the saga with interest as the list of posts below indicates.

The most important of these is Goodbye ID cards - is it time to say hello to identity banks? because it links to a 2008 report by Sir James Crosby, then at HM Treasury, entitled Challenges and Opportunities in Identity Assurance (.pdf). The report is worth considerable attention.

Other posts on this subject:
May 14, 2010: UK to Kill Off National ID Card Program
May 21, 2010: Goodbye ID cards - is it time to say hello to identity banks?
Sept. 21, 2010: Citizen or subject: The politics of personal identity
Dec. 21, 2010: UK: ID Cards Scrapped by Coalition Government
Jan. 20, 2011: UK: Destruction of ID card data to cost £400,000

Wednesday, February 9, 2011

Failure rate for biometric pokies?

Use of biometrics to reduce problem gambling would suffer a 20 to 30 per cent failure rate, says smart card salesman (ZDNet.com.au)
"About 12 per cent of the population do not have a fingerprint. They are too old or they have been engaged in manual work and it may have worn off. There is no wall on the end of their thumb. Biometrics are going to be a much more expensive solution," he told the committee.

"This is mainly because, if you have to maintain 197,000 biometric readers ... it is going to be extraordinarily expensive. You are looking at something like five times the cost for biometrics."

Donald said there would have to be many exceptions made to the system if biometrics were used.
This article invites a question we often ask: Compared to what? We'll be charitable and take the percentages in the article as given. How many problem gamblers are being detected in the absence of a system? If the answer is less than 70%, what is the improvement from current levels of detection to a 70% detection rate worth? What does the proposed system cost? In short, does the proposed system offer a positive return on investment (ROI)?

Secondly, because of their accuracy, ease of use, low cost and strong history of delivering positive ROI, fingerprint biometrics are all the rage. But they are not the only game in town. Facial recognition may be the preferred modality in this application. One facial recognition system at the front door of the facility can eliminate the need to have a biometric reader at every machine. The same can be said for a fingerprint system, but face-rec systems are less intrusive and they address the problem, raised in the article (we're still being charitable), of the 12% of the population who can't use all fingerprint readers.

Third, why does anyone assume that vandalizing property in order to circumvent security measures is an indictment of the security measure? Someone who finds a way to break a slot machine to get the money out of it doesn't have a gambling problem, they have a stealing problem. Someone who damages property (breaks a fingerprint reader) in the misguided hope that the machine will enable an enrolled problem gambler to use the machine, has a vandalism problem. Granted, a gambling addiction could serve as one impetus for both behaviors, but preventing this type of behavior isn't what the problem gambler program is built to address. These systems are meant to allow problem gamblers to put themselves on a "do not serve" list while reducing the abuse of the program by non-problem gamblers who simply wish to indemnify themselves against gambling losses.

The amusement and biometric sensor manufacturers both take the durability and physical security of the devices they manufacture seriously but they aren't, and never will be, invincible.

India Begins Census Count

India has begun the mammoth task of conducting a count of its billion plus population (Voice of America)
More than two and a half million census workers branched out throughout the vast nation on Wednesday to document details of all Indians.

The three-week phase of the census is the most challenging as it involves a physical count of the country’s citizens. The mammoth exercise will be completed by the end of the month.

Security Industry Association says E-Verify needs Biometrics

Federal Government Report on E-Verify Shows Need for Biometrics, SIA Says (Yahoo News & PRWeb)
E-Verify is used by employers to determine if individuals are legal residents of the United States and, thus, eligible to work in this country. The program, however, suffers from significant error rates, and SIA in November released a set of recommendations for adding a biometric component to the program that could “reduce these error rates, increase privacy and enhance identity assurance.”

Tuesday, February 8, 2011

Cogent founder makes list of top tech philanthropists

Which tech billionaires donated the most to charities in 2010? (NetworkWorld.com)
Also representing the tech industry is Ming Hsieh, who donated $50 million to the University of Southern California to help fund a new institute for nanomedicine research. Hsieh (No. 19) founded AMAX Information Technologies, a high performance computing and storage vendor in Fremont, Calif., and Cogent Systems, a biometric security vendor in Pasadena.
Mr. Hsieh has also donated generously to West Virginia University.

Monday, February 7, 2011

Biometrics employed to crack down on proxy test takers

Students impressed (Hindu.com)
Sharmitha Sreshta, a doctor from Tamil Nadu, said everybody was excited to see the technology being employed. “While this means that fraudsters cannot trivialise this examination for us, it also means that the authorities are moving towards tightening the process. The existing system allows for a lot of fraud.”
Fingerprint biometrics are becoming ubiquitous in testing for graduate school admissions.

Friday, February 4, 2011

Stockholders of L-1 approve Safran SA merger

Stockholders OK sale of L-1 units to French group (Washington Monthly)
Following approval by the Committee on Foreign Investment in the United States, completion of the BAE sale and other customary conditions, Safran will purchase L-1’s Secure Credentialing Solutions, Biometric, and Enterprise Access Solutions and Enrollment Services units.

Iris Biometrics in the news

Iris recognition may move from movies into the real world (Pittsbutgh Post-Gazette)
Biometric technology such as iris recognition uses physical characteristics -- including facial shape, fingerprints, retinal photos and iris patterns -- to confirm identities. The technology works by photographing the iris, the colored membrane that controls how much light reaches the retina, and converting the picture into a computer code. The code is compared with one in a database.

In 1936, a St. Paul, Minn., ophthalmologist named Frank Burch proposed identifying people using the furrows, ridges, rings and freckling that make every iris unique. But it wasn't until 1987 that eye doctors Leonard Flom and Aran Safir were granted a patent for the concept of the identification technology.

A Company Seeks Ubiquitous Iris Scans On PCs, ATMs and Cell Phones
(PopSci.com)
Like fingerprints, every person’s irises are different; not even both irises of the same person are the same. Fingerprints can take a while to verify through state and national databases, but an iris scan, which uses more data points for biometric identification, can come up with a match within a few seconds. Those are the pros, if you’re a security expert. But they’re minuses if your concern is privacy. Fingerprints, by their very nature, are an active identification metric; you have to touch something to imprint them. But iris scans are passive — you just walk past a security camera (or, as in “Minority Report,” billboards in the mall) and the person controlling the scanner can spot your identity within seconds.
The Pittsburgh Post Gazette article is straightforward and informative.

The PopSci article reads like a press release masquerading as news.

The facts the PopSci article presents seem a bit off, too.

It has always been the case that iris matching is slower than fingerprint matching. That's why it's popular in jails, where the customers aren't in much of a hurry. In places where throughput is a primary concern, such as school lunch counters, fingerprint biometrics have been more popular.

The author says that the iris match is faster because it uses more data points. That's not really the way computers work. Other things being equal, processing more data points takes more time.

Iris matching technology is highly accurate. More accurate, even, than fingerprints. In a side by side comparison between iris and finger with participating individuals where speed is not a factor, iris wins hands down.

There are many applications where iris is the preferred modality for an identity management application. But like we said yesterday, there is no magic bullet in identity management.

Iris at a distance, as discussed in the article, moves the goalposts and offers intriguing possibilities. But, especially in this industry, it is important to avoid over-promising and under-delivering.

For some background on how the company referenced in the article sees the future and their current capabilities, see the Fast Company article from last August: Iris Scanners Create the Most Secure City in the World.

Thursday, February 3, 2011

Australian Pub biometrics, Part II. Why not Face-Rec?

No ad hoc biometrics sharing: privacy chief (ZDNet.com.au)

Earlier post here.
Australian Privacy Commissioner Timothy Pilgrim has warned pubs and clubs collecting biometric information from their patrons not to "automatically" share that information with other clubs unless they have notified their patrons.
This Makes sense. The terms of service between bar owners and their customers should be transparent and understood by all parties, just as they are when users input personal information into web sites.

If the owner can reduce costs and better serve customers by making the environment safer by identifying and discouraging the few patrons that spoil the experience for everyone else, the owner should be free to take measures in furtherance of that goal. If biometrics are the method of accomplishing this goal with the greatest efficacy (ROI), then so be it.

It is reasonable to infer that the bar owners who have adopted biometric systems believe that a hard-drinking, trouble-making bully drives away customers, raises expenses and leaves the owner liable for damages to innocent people and their property while the biometric check simply drives away some customers and leads others to feel safer.

I might, however, suggest that there is a solution that could accomplish the goal while reducing many of the privacy concerns raised by concerned stakeholders: Facial Recognition.

Fingerprints are cheap and effective (huge ROI) which is why they are being adopted at such a high rate. But for reasons more cultural than scientific, they are sometimes perceived as invasive of privacy.

In an era where everyone has a video camera in their pocket and business establishments have had cameras (and signs alerting the customers as to their presence) installed for twenty-five years or more, installing a video camera at the front door is simply not that controversial. There is also no well established expectation of privacy from being photographed in a public place. The terms of use for video and photos are already implicitly understood.

The systems are a bit more expensive and they are a bit less accurate than the near-perfect results offered by fingerprint systems but their deployment is less controversial and there is nothing preventing the sharing of a photograph among private parties.

There is no magic bullet in biometric identity management. Different modalities are suited to different applications depending upon the physical and social environment in which they are deployed. A good cost-benefit analysis incorporating financial and social considerations helps determine the preferred identity management system.

SecurLinx offers a product, FaceTrac, developed for the specific concern the pub owners are attempting to address.

For additional information about FaceTrac: mail@securlinx.com
For blog comments: blog@securlinx.com

Madison County Alabama Commission finds way to cut spending

Looking in to wasteful spending by Madison County employees (WAFF Huntsville, AL)
Every few weeks department heads and county commissioners receive a payroll log. All they have to do is scan through and see where all the overtime money is going.

"We've got people at some point shows they are working 14 hours a day for 14 days straight. Again I question that," said Madison County Commissioner Dale Strong.

Commissioner Strong has strong feelings about what he calls wasteful spending, but he isn't just complaining about it. He has a solution to the county's overtime problem.
Biometric identity management systems can help with state, county and local budgets constrained by current economic circumstances.

Because biometrics yield a positive return on investment, they provide a way for dedicated public servants like those mentioned in the article to do more with less.

Indian PM calls for improving rural employment program

Improving the delivery system so that its benefits reach the deserving (NewKerala.com)
He said the government was preparing a biometric database for MGNREGA labourers which would be helpful in making payments to them and removing any delays. He hoped it would reduce any delays in payments, discrimination and fake master-rolls.
Fraud is perhaps the greatest challenge to governmental efforts to help the world's poor. If the broader society perceives that a program designed to lift the vulnerable serves primarily as an opportunity for graft and corruption, it will not support the program.

Biometric identity management systems can help build confidence that resources devoted to a worthy cause are not contributing to the problems they are meant to address.

Nigerian state Identifies 2,000 Ghost Workers

Nigerian state, Niger, Identifies 2,000 Ghost Workers (AllAfrica.com)
The Niger State Head of Service, Alhaji Ibrahim Matene, has said that investigation has revealed that the state has over 2,000 ghost workers, adding that an additional 4,700 civil servants were being screened over e-payment irregularities.
The implementation of biometric identity management systems are a cost effective first step towards reducing corruption and increasing trust in vital national institutions.

Other posts dealing with ghost workers

Wednesday, February 2, 2011

Jails record biometric data of inmates and visitors

Jails now record biometric data of inmates and visitors (Times of India)
CHENNAI: Prison officials have started collecting and storing the fingerprints and photographs of inmates as well as visitors to Puzhal and Tiruchi prisons.
This is increasingly common around the world.

Having data on prisoners makes complete sense. Too frequently, prisons release the wrong inmate.

Gathering and analyzing data on prisoner visits can aid investigation into organized crime networks.

Tuesday, February 1, 2011

Face-Rec, Standards & ROI

Biometrics on the cusp (ThirdFactor.com)
Richard Lazarick, chief scientist at CSC’s Global Security Solutions Identity Labs: “The barrier now is, ‘Can I convince myself that I’m going to get a return on investment?’.”

Video from the 2010 Biometrics Consortium conference at the link.

Australian pubs and clubs are using biometrics databases in efforts to curb violence

National biometric pub list use 'explodes' (ZDNet.com.au)
While patrons remain divided on the need to surrender biometric data to buy a beer, the system appears to have led to a halt in violence in pubs and clubs.

The Woodport Inn on the NSW Central Coast has obliterated the incidents of violence which had once troubled its night club.

"[The] violent people here are gone, just gone," said one bar manager. "They are scared of it. They know they will be caught".

The venue is one of several in the area that use NightKey fingerprint scanners, including the Central Coast Hotel and Woy Woy Leagues Club, but it does not share ban lists.

A manager from a Sydney CBD bar who requested anonymity said that the ban database had cut violence, adding that the venue may soon be able to reduce its security headcount. The machines are not classified by NSW Police as security equipment and can be operated by a staff member.

Alcohol-related incidences have dropped by up to 80 per cent in some venues that use the scanners, according to Perrett. He said the data is a smoking gun that police can use to convict violent offenders.
This article touches upon many of the issues we regularly address here: ROI, public safety & Privacy vs. Anonymity to name a few.

Fingerprint biometric wallets back in the news

Dunhill's Biometric Wallet Only Opens for You (Tom'sGuide.com)
This is Dunhill’s Biometric wallet. Featuring a biometric card that detects the owner’s fingerprint, this carbon fiber wallet will only open for the person who payed the roughly $800 to buy it in the first place. Sure, a thief could probably get it open if they really, really wanted to, but this might at least give you some extra time to call the bank and cancel your cards before the robber has a chance to hit Amazon.
Buy one here for $825. (dunhill.com)

Mike00, in the Tom's Guide comments, makes a good point. If it has a fingerprint reader and blue tooth, what happens when it runs out of batteries?

The Miami Herald deemed a similar product its worst performing gadget of 2010. Perhaps Dunhill has addressed some of the problems with the TungstenW model. Close examination of the images from Dunhill's site and the TungstenW model, however, lead one to believe that the Dunhill model is the TungstenW.