Friday, September 30, 2011

Prototype "Rapid" DNA

Could bolster forensic investigations (Computerworld)
All that's needed is to insert the type of swab now widely used to collect DNA often from inside a cheek into the DNA-analysis kit and within 90 minutes, out pops the answer to what an individual's DNA is (not a full genetic analysis but what suffices for identification and perhaps confirming family relationships such as parent-child or sister-brother).

The goal is to get RapidHIT, a portable box-like device with integrated bio-science reagents, chipset, software and applications down to an hour. Jovanovich said there's been field testing with the Palm Bay, Fla., police department. Even the Department of Defense has taken the RapidHIT device to test it with Army volunteers in a Norfolk field exercise in May, he added, noting that one Army officer brought a swab from his son to see what the DNA-linked paternity outcome to him would be (he wasn't disappointed).
If it's all that's available, and often it is, DNA analysis is an extremely valuable tool. Occasionally, time is of the essence and DNA is the only option. The full article describes the efforts of several organizations to return DNA results more quickly.

And then, there's this:
One pent-up need for a rapid DNA analysis kit is coming for the Department of Homeland Security's citizenship and emigration services, according to Christopher Miles, biometrics program manager at DHS.
The uncomfortable realization that the government might be wasting a huge amount of time reading fraudulent documents and listening to lies was a lesson learned a few years ago in trying to help refugees in Kenya that wanted to emigrate to the U.S. In that instance, the U.S. government took about 500 DNA samples, did a lab analysis to verify family relationships, and found out 80% were fraudulent, Miles said.
Biometric modalities are interesting. Different ones are good for different things. No other modality can determine biological family relationships which, in certain circumstances, are very important.

It's not clear that "rapid" is necessary in this application because the gating factor on how long the immigration process takes isn't the time required for DNA testing. The ROI on shortening the turn-around time on a DNA test may not be there, but that 80% number is staggering.

Because "rapid" isn't that rapid and interacting with the biometric sensor is awkward, DNA, as a biometric modality is likely to remain at the "high value, low volume" end of the spectrum for a long time to come.

India: Insight into the Bureaucratic Struggle for UID

Nandan Nilekani defends Aadhaar (Economic Times)
Unique Identity Authority of India (UIDAI) chairman, Nandan Nilekani, vigorously defended his body against criticism from various government departments and dismissed concerns about the lack of checks and balances in its functioning. Nilekani is expected to meet prime minister Manmohan Singh to set the record straight about the Authority's operations. He will also meet Planning Commission chairman Montek Singh Ahluwalia early next week.
The Economic Times has been doing excellent work in keeping up with UID.
The Hindustan Times also weighs in: UIDAI, Plan panel refuse to budge; fight still on

See also: Aadhaar valid to open bank account (The Times of India) which describes some of the nuts-and-bolts of how the ID opens up access to services such as banking, phone and utilities.

Recent Posts:
India: Is UID Under Siege?
India: UID is the Easy Part

Nigeria to Implement National Biometric ID

FEC okays N30.66bn for new national identity card (Vanguard)
THE weekly Federal Executive Council, FEC, yesterday rose from a prolonged session with an approval for the National Identity Management Commission, NIMC, to embark on the provision of an electronic national identity card for all Nigerians of 18 years old and above, at the cost of N30.66 billion.

The FEC meeting which was presided over by President Goodluck Jonathan, with Vice President Namadi Sambo, said the project entails the development of a comprehensive, biometric database for all Nigerian adults.
30.66 billion Nigerian Naira = $191.56 million US (link)

Nigeria has already devised a biometric voter register. See: Nigeria Voter System and Implementation Update

Other posts on Nigeria

Thursday, September 29, 2011

Will Advanced Biometrics Automate Future War Machines?

"Tactical non-cooperative biometrics" raises troubling questions (CIO Magazine)
Biometric security breakthroughs are coming that would let the military capture from a distance an iris and facial scan of an individual and immediately match it to a biometrics-based "Watch List" of suspected terrorists, combatants or criminals.
Included Topics:
♦ Sensors mounted on flying aircraft drones
♦ Automated killing in war based on "tactical non-cooperative biometrics"
♦ Surveillance and watch lists
♦ Ethnicity & Gender identification
♦ Hardware & Software

All technological advances force societies to choose which applications of the new technology are acceptable. This article does a pretty good job of outlining some of the more exotic military possibilities opened up by biometrics, but it also shows that the military's thinking on acceptibility is pretty advanced, as well.

Voice of America: India Requires Citizens to Register for Biometric Identity Number

Ambitious project (Voice Of America)
Until some months ago, a resident of a poor neighborhood in New Delhi, college student Ashok Kumar, 21, faced a problem. With no identification such as a passport or a driving license, mobile phone operators refused to give him a number.

That changed when Kumar was issued a 12-digit number as part of an ambitious project to give every Indian citizen a biometric identity.

He says with this number as proof of his identity, he was issued a mobile phone number. He has opened a bank account. And when he traveled to Bangalore recently, he showed his biometric number when asked to prove his identity.

Ignoring the headline, the article is a solid summary of the program and the benefits it aspires to confer.

But for now, UID only has a mandate for enrolling 200 million people. Given India's population, and assuming the use of plain language, it's hard to square the headline's assertion that UID is required — although it is obviously highly desirable to many people such as Mr. Kumar.

Perhaps it should be required. Perhaps it will eventually be required. Perhaps the headline writer is conflating the census with UID. Perhaps it's a far more mundane mistake. But it's hard to see how UID enrollment is required at the present.

Anyway, it's probably just a mistake. The article itself is quite good.

Ghana Biometric Voter Registration

The Ghanaian Electoral Commission's selection of a vendor for its biometric voter registration exercize has been getting a lot of attention lately. Click this Bing news search for "ghana biometric voter" for a sample.

After reading a few of these stories it becomes clear that there are significant challenges involved in the implementation of the biometric register. But more interesting is the challenge Ghana doesn't face: reaching a consensus that a biometric voter system is desirable.

Ghanaians are extremely proud of their democracy and they are keen to protect and deepen it. They also overwhelmingly support the effort to reinforce the keystone of democracy, free and fair elections, with a well conceived, implemented and managed biometric voter management system.

Health Care, Time-and-Attendance & ROI

Basildon and Thurrock University Hospitals NHS Foundation Trust deploys SMART to streamline processes and reduce costs (Press Release)
Basildon and Thurrock University Hospitals NHS Foundation Trust is using SMART, provider of solutions for workforce management, to streamline processes that save time and money and release valuable resources back to patient care. To date, the Trust has deployed SMART’s e-Rostering, Time & Attendance and eExpenses software to support 1,800 clinical staff including 1,500 nurses and plans to expand the system to the rest of the organisation by July 2012. Since implementing SMART, Basildon and Thurrock University Hospitals NHS Trust has generated savings of nearly £500,000 per year.

Before SMART, Basildon and Thurrock University Hospitals NHS Foundation Trust relied entirely on manual processes to record staff time, administer shifts and expenses claims. This approach was not only labour intensive but it was prone to errors. At the same time, the Foundation Trust faced the same challenges as most NHS organisations to reduce costs.

Denial of funds to UIDAI not a setback: Nandan Nilekani

Current Funding to Cover 200 Million Enrollments (Economic Times)
"One of our biggest supporters, the finance minister has been extremely gracious and supportive, and he has always sent me the message that we should do this as fast as we can," Nilekani told reporters at the first anniversary of Aadhaar launch.

"What the finance ministry has done is that essentially they had said that you can enrol up to 200 million and beyond 200 million the cabinet has to decide what the exact modality will be. We have absolutely no issues and we have got fantastic support from the finance ministry," he added.
This follows upon Tuersday's post: India: Is UID Under Siege?

Wednesday, September 28, 2011

New York: Seven Arrested For Alleged SAT Cheating Ring UPDATE: SAT, Biometrics & ROI

Educator: Pressure On Kids Massive; Attorney: District, Not Courts, Should Rule  (CBS - New York via Drudge)
Eshaghoff, who graduated from the high school in 2010 and is currently enrolled at Emory University in Atlanta, was paid between $1,500 and $2,500 per student. He has been arrested and charged with scheme to defraud, falsifying business records and criminal impersonation.
There's big money at stake in administering the test and there's big money and status at stake in obtaining a high score on the test. Many standardized tests use biometrics in order to increase the integrity of the test results.

After all, only half of what the College Board does involves making up and scoring tests. The other half is credentialing and ID management. In the second half, confidence is everything.

Biometrics are already very commonly used for graduate level admissions testing.

See also: Biometrics employed to crack down on proxy test takers

ETS, the nonprofit that administers the SAT under the auspices of the College Board, told Newsday that it had no intentions of tightening security. (International Business Times via @M2SYS)

We talk (Return on Investment) ROI a lot here.

It's likely that biometric identity management for the SAT currently yields a negative ROI.

The GMAT, among other graduate admissions tests uses biometrics, but the graduate tests are a lot more expensive (GMAT $250; SAT $47). The SAT is taken by far more people and in a wider variety of locations (local high schools, etc.) while the graduate level exams are taken at professional testing centers facing different staff training and technology procurement incentives.

If the incidence of SAT cheating is sufficiently rare that the ETS is not losing credibility as a credentialing authority (i.e. colleges still trust them), it's not hard to see why they're planning to keep their current ID management procedures... for now.

UPDATE II (December 16, 2011):
"For now" may have lasted three months.

Is ETS Reconsidering its ID Management Practices? (CNN)
Even before the College Board receives recommendations from Freeh's security firm, it is weighing several new measures to stamp out impersonations.

The nonprofit is considering adjustments to the number and type of IDs it requires from test-takers, as well the use of digital photography in authenticating test-takers' identities, Caperton testified.

Other options it is likely to examine include palm-vein identification technology; fingerprinting, which is used on the LSAT exam; and requiring that students take the test at their own schools.

But in addressing the impersonation issue, the College Board may well create other problems.

If new ID requirements are perceived as a hassle, some students might decide not to take the test at all.

NHTSA Funds Alcohol-Measuring Biometric Car Start Button & Autoweek
Takata, a safety and technology company, and TruTouch have created a vehicle start button with an integrated infrared sensor that can measure your blood-alcohol content. If the reading exceeds legal limits, the system can disable the starter. As the technology advances, it could help eliminate drunken driving, according to TruTouch. The system could be a reality within a decade.
One of the key tipping points for the whole biometrics field will be when insurance companies begin giving their customers discounts for adopting better ID management technology that reduces the risk of a claim.
China: E-payment booms (
Use your fingerprint to buy a bowl of noodles for half off at 10 yuan ($1.60).

Jakarta, Indonesia: 7 of city's 9 million residents expected to get biometric ID cards (The Jakarta Post)

Mauritania: Minorities not too keen on biometric census (AFP)

Tuesday, September 27, 2011

BBC Video About Facial Recognition

Facial recognition marks the end of anonymity (BBC)
That's a bold statement but the video is interesting as a survey of what Carnegie Mellon University is up to in biometrics applications and platforms.

It's a good video. Click on over there and give it a look. It even discusses the privacy/anonymity issue in terms that have a lot in common with a something we posted last week.

But about the PittPatt Technology using face recognition to discover Social Security Numbers (this links to a text article describing the first app featured in the video linked above)...

I'm not buying it.

What Alessandro Acquisti and his team have succeeded at is using a face as a search term in a search engine focused on Facebook. This is probably why Google bought the technology. It is an interesting and important development in its own right and something discussed here: Biometrics, object recognition and search.

But, using a photo of a face to find a Facebook page has zero, nothing to do with Social Security Numbers. An individual's birthday and place of birth, however, has a lot to do with their Social Security Number. See: Google yanks request for kids' social security numbers:
It is open to children from kindergarten through the last year of high school and requires that a contestant provide a Parent Consent Form along with their submission. The original form asked for the child’s city of birth, date of birth, the last four digits of the child’s social security number, and complete contact info for the parents.
Now that's how you get Social Security Numbers! Social engineering and a wide net, not covert efforts focused on individuals.

The only way the PittPatt technology could be useful in stealing an identity by trying to deduce a person's SSN is:
♦ The identity thief has identified a particular individual whose identity she wants to steal.
♦ The identity thief knows no other information about the mark, but she has a photo.
♦ The mark has stored private information (either the SSN itself, or the details that make it somewhat predictable) online in a publicly viewable way together with their photo.

Essentially, the photo just replaces the name as the search term. I've never heard of identity thieves doing their research by typing random names into a search engine and hoping for the best. This isn't how identity theft works and no rationally profit-maximizing identity thief would ever do something like that. It is far easier to search for Facebook profiles that share birthdate information than to sit around on the sidewalk taking pictures of people in the hope that (a) they have a Facebook account, and (b) it contains instructions on how to steal their identity.

Granted, as this type of search becomes more common, and it will, it won't just be Facebook that gets searched. But at most, the PittPatt project allows users to do a search for people without knowing their name.

The real problem is the importance, predictability and unchangeability of Social Security Numbers, not facial recognition.

India: Is UID Under Siege?

Is Nandan Nilekani's UID dream run over? (The Economic Times)
The reasons for the differences are many: territorial, civil liberties, intellectual, political and technological. Put it all together and it gives the impression that the Unique Identification Authority of India (UIDAI) - a novelty in the delivery of a government service - is under siege. From within the government. Nilekani shrugs it off as a "process of debate" natural to a project of such scale and transformational impact. "An important lesson I have learnt is that in the public space, there are a lot more stakeholders with different views," says the UIDAI chairman.
But another top UIDAI official, not wanting to be identified, points to motives in the guise of differences: "It is part skepticism, part vested interests."
The linked article gives an in-depth analysis of the bureaucratic and political forces at work in the implementation of India's UID program. Read the whole thing.

Identity management is about people. The people issues are always thornier than the technological problems. And, yes, UID will upset many applecarts. That's why it's important and that's why it will be hard.

Nandan Nilekani is the animating spirit of the UID project. He knows technology through education and experience among the founding generation of Unisys. He knows management, evidenced by his rise to become CEO of that firm. He knows India (inasmuch as India is "knowable"), having attended Indian schools at every level of his education and having lived in several places there. And he knows government through his service on various committees and advisory groups. He is, perhaps, the only person capable of pulling this off.

No matter how it all turns out, the subject will provide plenty of material for MBA and Political Science textbook writers for years.

There's a tendency when discussing big issues to focus on the big names. The linked article does it, as does this analysis. But we'll never know the names of the people to whom UID matters most. Those people can be seen in the wonderful photographs that accompany this article.

More on UID and Nandan Nilekani from The Atlantic. How to Count One-Sixth of the World's Population.

Kenya: Electronic Voting Is Still Six Years Away

Kenya will not yet implement electronic voting but would procure a platform for electronic voter registration for next year (
"Any application of technology must increase administrative efficiency, reduce long-term costs and enhance political transparency. In the end, elections are about choices expressed in terms of results and those results acquire legitimacy only through unanimous or widespread acceptance".
It's important not to confuse biometric voter registration and verification with e-voting.

There are good reasons for adopting a biometric voter register while using a paper, or other physical balloting mechanism.

Background: Fighting Intensifies After Election in Kenya (New York Times - January 1, 2008)

Monday, September 26, 2011

A Critique of Pure Passwords...

...and a little advice on how to cope until they are finally made obsolete.

First the Critique:
Passwords shouldn't be simple, but this is getting ridiculous ( - John Naughton)
So I think of a really secure, incomprehensible password and type it in. The system rejects it as laughably inadequate. So I try another and another and another. Same result each time. At this point, I'm getting irritated.
Then, a helpful commenter directs us to the advice:

(Click to Enlarge) Source 
It's true. A 23 character password can be easier to remember than an 11 character password. The longer the password, however, the higher the likelihood of typographical errors and mis-keyed passwords.

Why Facial Recognition Time and Attendance?

Meant to improve hygiene, security (Green Bay Press Gazette)
"No worry about Big Brother watching you because everything is a digital template, not an actual image of the individual," he said. "FaceIN is touchless and hygienic. You just simply look at it. The bulk of our business is in health care business, food services, manufacturing, government and retail."
FaceIN product manager, Tony Burks, gets two very good points across in this brief quote.

Different modalities are suited to different applications and environments.

Template-only biometric time-and-attendance systems pose no privacy concerns that don't already exist in the employer/employee relationship.

Friday, September 23, 2011

Biometrics for Health Care Privacy, Efficiency and Safety

Hospitals embrace high-tech security
The next time a hospital official asks to look into your eyes, it might not be your health he's checking.

In South Florida and across the nation, hospitals are implementing high tech biometrics technology to speed up the admission process, reduce errors and add a layer of security in an age where insurance fraud and identity theft is a serious problem.

Increased (Efficiency + Safety + Privacy) = ROI

With the stakes so high, and the straightforward Return on Investment (ROI), it's no surprise that health care is rapidly adopting biometric identity management solutions.

Biometrics for Privacy Protection

Privacy and biomeric identity management techniques are often discused together. One side of the relationship, however, gets a lot more attention than the other. Biometrics have more potential to protect privacy than to undermine it.

80% of Americans worry about Electronic Health Record privacy (Fierce EMR via @M2SYS)
A major part of the concern involves human error and activity, such as lax access controls and inadequate security measures, SailPoint notes in the report.

"Consumers are right to be concerned about the possible exposure of their very private medical information," Jackie Gilbert, vice president of marketing and co-founder at SailPoint, said in a statement. "As the healthcare industry around the world moves toward digitalizing personal healthcare records, keeping patient information private and secure must be the highest priority. Healthcare organizations need to make sure that they have the proper controls in place to protect patient data; those that don't clearly risk lawsuits, fines, and most importantly, loss of patient trust."
Biometrics for logical access control are more protective of privacy than passwords.

One Bio, Two Metrics

Finger vein, print scanner on the same sensor (Engineering News - South Africa)
The device maps the minutia of a person’s fingerprint, as well as the vein network in the second phalanx of the same finger. The company’s algo-rithms then compare the results with a database, either using the data to identify a person as belonging to a group, for example employees or technicians, or to verify a person’s identity when used in conjunction with cards, personal identification numbers and common security measures, which improves security and reduces the likelihood of fraud.
Two modalities on the same sensor and using the same body part, neat.

Canada, UK Deepen Five Country Conference Relationship

Canada-United Kingdom joint declaration: “A Stronger Partnership for the 21st Century”

Securing our Countries
We will continue to work with Afghan and international partners to help build a more viable country that is better governed, more stable and secure, and never again a safe haven for terrorists.  Through the training of Afghan National Security Forces (ANSF), regional diplomacy, and development assistance, we are working to help enable the transition of security in Afghanistan to the ANSF by the end of 2014.

We will create greater interoperability between our defence forces and deepen cooperation on procurement and capabilities, to be enabled in part by a Memorandum of Understanding (MoU) on Defence Material Cooperation, existing MoUs and the “Partners in Defence” dialogue, which will draw on the lessons of current and recent national and NATO-led operations.

We will strengthen our counter-terrorism collaboration, in particular in the Horn of Africa, the Sahel and South Asia, including our efforts to tackle terrorist finance activity in third countries.

We will advance shared objectives on migration, including through the Five Country Conference on biometric and other information sharing and service delivery partnerships.

Building on the excellent relationship following evacuations of our nationals from Libya and Egypt this year, we will improve cooperation on consular services through joint contingency planning in third countries, and through staff exchanges between our Crisis Centres.

Speedier Fingerprint Matching through Classification

Accurate, automatic fingerprint classification would yield faster search results in large databases (The Star - South Africa)
“In fingerprint recognition, fingerprint templates normally sit in a database, so when going through an identification process, the system has to sift through thousands, if not millions, of templates, making the system slow in yielding results.

“A classification module essentially breaks down the overall database into smaller, manageable chunks to improve the performance of a fingerprint recognition system.

“Both the extensible fingerprint classifier and the pseudo-singular point detection module will allow the system to be extremely fast and accurate when a database search is conducted. This will add to the overall efficiency of a fingerprint recognition system,” he says.

The CSIR is working towards realising an identity authentication system through biometric research and development. South Africa desperately needs this capability because of crimes such as identity theft.
The technical part of this article is interesting. It illuminates a strategy to deal with the effects database size have on search speed.

The sketch of the scientist, Ishmael Msiza, and what motivates him is interesting, too.

Thursday, September 22, 2011

Burgeoning Facial Recognition: How come no pitchforks?

In the previous post, I linked an article about how facial recognition technology is really taking off.

M2SYS, made very subtle observation on the article:

In other words, "How come no pitchforks?"

He's right. New technology is often feared. In the case of biometrics, there have been those who have seen fit to feed that fear. Biometrics' association with security, and hence, authority would seem to put it right in the nexus between fear and fearmongering. Furthermore, the article's author chose examples of facial recognition applications that have gotten a lot of public attention and might be considered avant-garde to say the least. But so far, most public reaction seems to come somewhere between "cool" (Scene Tap), "that was dumb" (Facebook), or "about time" (London riots). Public comment has been rather moderate and even in tone. What gives?

I think there are several reasons why new facial recognition deployments are rarely met with scorn. Some are related to what it means deep-down to be human, and some are more practical.

♦ Except in a very narrow sense and among a very few cultures, a face is not, nor has it ever been, considered private. In the vast majority of times, places and cultures it has (like "name") always served as a proxy for an individual public identity. This fact is embedded in languages and useage all over the world. "He can't show his face around here anymore." "She really lost face." "They tried to save face."

♦ It's also probable that the vast majority of people intuitively understand the difference between privacy and anonymity. Privacy is the ability to keep things about yourself secret. Anonymity means "without a name". Privacy is a time-honored value that is nearly universal in city-building societies. Anonymity, freeing one from public scorn for one's non-private actions, has probably only been accessible to the masses in the relatively narrow space between the industrial revolution (that enabled rapid transit and the megalopolis) and the information age which seems to be making anonymity much harder.

♦ Marketers aren't stupid. When interractions aren't strictly voluntary, anonymity can act as a salve and biometrics can improve the efficacy and customer experience of marketing. Marketers know this and in a competitive marketplace the cost of mistakes is high. [After I've read it as well, and assuming the Phillip K. Dick story is similar to the movie, I'll write a detailed piece on how those who use Minority Report to say anything serious about biometrics profoundly misunderstand both Minority Report and biometrics. In the movie, the advertising posters were calling the name of John Anderton's eyeballs' former owner. Not only did this make the ads useless, it was also super-annoying to John Anderton. I would never go in a store where that happened and I doubt I'm alone.] The type of technology driving the variable ads is nothing like Minority Report. In fact, it's not really face recognition in the first place. It's really more demographic (in the marketing sense) recognition. It's non-individual (anonamous even) which is what makes demographics useful. And it's helpful. Even without biometrics, I see fewer ads for products I am not in the market for. Now if biometrics can just do something about all the perscription drug and trial lawyer commercials, I'm all for it.

♦ There have been no high-pofile victims of facial recognition gone awry — not that there won't be. It's easy to imagine that someone in a witness protection program or a high-value political defector might be tracked down and murdered in part using a facial recognition dragnet. Those people may want to swing by the CV Dazzle site for some face-rec-beating fashion tips. But it hasn't happened yet.

♦ Last (for now) but not least: After 9/11 there was a lot of overpromising an underdelivering about biometrics. A lot of money changed hands and a lot of people got egg on their faces. Still, they say "it's an ill wind that blows no good." The up-side of this bad history is that the public has had ten years to get used to the idea of what facial recognition applications are only just now begining to deliver. I think there's a sense among the public, at least on the security side, of: "I thought they were doing that already."

Facebook Photo Matching Is Just the Start

Facial recognition tech moves into law enforcement, military use, targeted advertising, and onto the streets of your town. Will your privacy be a casualty? (PCWorld via @m2sys)
Of course, the government and large private companies have had access to facial recognition software for years. The pressing question today is what happens to privacy when everyone has access to the technology? Already smaller businesses--and even private individuals--are developing sometimes amazing, sometimes very creepy uses for security-focused software.
This is a wide-ranging article that does a good job of pulling together examples of how facial recognition technology is being applied by all sorts of people for all sorts of purposes.

Some of the examples are a little strange (though they all received plenty of press attention) but I guess that's part of the point.

The Securest Home in America

You could buy the fortress that some consider the most secure home in America for just $5.9 million (MetroWest Daily)
The home has extensive surveillance, and biometric scanners for all entry points. The home also has two secret panic rooms to escape from intruders, and two “safe cores” that are invisible and fully isolated from the rest of the house. These safe cores provide a retreat during a potential nuclear or biological attack.
There's a photo of the Los Angeles mansion at the link.

Click here for photos of the Poland safe house mentioned in the article.

FTC Workshop Examining Burgeoning Use of Facial Recognition Technology

Facial recognition technology on the rise as governments increase use (Network World)
The agency said the workshop will look at many topics including:

• What are the current and future uses of facial recognition technology?

• How can consumers benefit from the technology?

• What are the privacy and security concerns surrounding the adoption of the technology; for example, have consumers consented to the collection and use of their images?

• Are there special considerations for the use of this technology on or by children and teens?

• What legal protections currently exist for consumers regarding the use of the technology, both in the United States and internationally?

• What consumer protections should be provided?
All good questions. Much more at the link.

Wednesday, September 21, 2011

United States and Belgium Sign Agreement to Prevent and Combat Serious Crime

Agreement includes the exchange of biometric information (Investors Business Daily)
Under the agreement, Belgium and the United States will leverage state-of-the-art technology to share law enforcement data, including fingerprints, to better identify known terrorist and criminals during investigations and other law enforcement activities. The agreement authorizes the use of specific mechanisms for sharing vital information to help prevent serious threats to public security, and requires measures to ensure the protection and privacy of citizens in both countries. In fact, the PCSC contains numerous provisions pertaining to the handling, sharing, and retention of relevant data, all designed to ensure privacy and data protection.
Like with yesterday's post, India: UID is the Easy Part, obtaining the data is only a first step toward using the data. Using the data often requires non-technical solutions such as mutual agreement among interested parties.

FBI Gathers Volunteers' Handwriting Samples at WVU

WVU collects handwriting samples (The Daily Athenaeum)
During the first session, volunteers included hundreds of students, faculty and community members.

Those participating were first asked to fill out release forms that asked for consent to use their handwriting data in published papers and other studies.

Volunteers were given identification numbers and promised they would stay anonymous.

"They're all identified by random numbers, so we don't know names, but they can tell which each individual wrote what," Williams said.

Next, they were asked to copy the same paragraph three times.

Volunteers were asked to write a 2,500-character story about one of four given prompts. After they were finished, volunteers were given a $50 Visa gift card for participating in the study.
Earlier post: West Virginia: FBI seeks local volunteers for handwriting project

Tuesday, September 20, 2011

India: UID is the Easy Part

India, UID and the challenges of linking everything together (Economic Times)
A World Bank study released earlier this year enumerated the rot in Indian welfare programmes. About 91% of subsidised grain meant for the poor in Bihar never reached them. Only 32-51 % of the pensions for the elderly, destitute, widows and the disabled reached them.
The facts above demand bold action and India has begun an unprecedented effort to create a biometric ID for everyone. Providing a legitimate legal ID for everyone is a necessary condition for a modern society but, in itself, it is not sufficient to deliver the higher standards of living and social mobility Indians deserve. Creating the ID simply makes addressing other, second-order challenges possible.

India is starting to encounter and confront some of these second-order challenges such as:
♦ How to offer universal access to banking services
♦ How to tie ID, banking and government services together
♦ How to harmonize operations among different identity management, government and financial organizations

The linked article comes off as a laundry list of gripes but perhaps it should be read in a positive light. As long as there are new Indians entering the world, the UID project will never be complete. But even after the UIDAI completes the enrollment process for all currently-living Indians, India will still have a long way to go to realize its own vision of what it can become. Without UID, it can't even begin the journey.

As technologically, logistically, politically and organizationally challenging as the UID project is, it's the easy part. It makes tackling even harder problems possible.

The fact that UID is bringing other, even bigger problems into focus is a symptom of the program's success.

UPDATE: via @M2SYS & @Allevate
Amol Sharma of The Wall Street journal has an interesting complement to the above article that provides some great numerical context for the UID project.

UID Behind Schedule, But Cash Isn’t Why (Wall Street Journal)
Still, there are some positive signs of progress lately. In July, 7.8 million people were enrolled; that accelerated to 12.9 million in August, or about 416,000 people per day. The challenge is to pick up the pace slightly and then sustain it for a long time. To reach the project’s next big target of signing up 600 million people by the end of 2014 Mr. Nilekani’s team will need to enroll closer to a half million people every day, on average.

Monday, September 19, 2011

Gene that causes people to be born without fingerprints discovered

Identity management word of the day:

Adermatoglyphia (or Immigration Delay Disease) - a genetic condition responsible for a lack of any grooves or patterns on the hands and feet.

Fingered out: Gene causes birth without fingerprints (Daily Mail - UK)
Like DNA, fingerprints are unique to each person or set of identical twins and that makes them a valuable identification tool for everything from crime detection to international travel.

They are used for identification because they are fully formed 24 weeks after fertilisation and do not change throughout our lives.

Only four documented families are known to suffer from the disease worldwide.

It isn’t only fingertips that have patterned skin, says professor Sprecher. Palms, toes and the soles of the feet also feature these ridges, called dermatoglphs.

Facial Recognition Experiment to Identify Hooligans Among Football Supporters Groups in Sao Paulo State

FPF project tests biometric identification of hooligans (Fórum Biometria - Portuguese)
Corinthians vs. Santos: Football Federation to experiment with biometric identification to punish vandals; If it works, it will be deployed across the country.

The Paulista Football Federation (FPF) in the classic match-up between Corinthians and Santos, next Sunday in Pacaembu Stadium, facial recognition biometrics developed by an Israeli software firm will be used to identify bullies in the crowd. The FPF initiative is aimed at ending the anonymity of rowdy fans through facial recognition of images captured on cameras at the entrances and inside the stadium with the idea of punishing the individual fan instead of the supporters group (torcida) or team.
Pacaembu Stadium Source: Wikipedia
The "Big Brother of the stadium" is being offered to the Ministry of Sports and, if successfully implemented, will be used throughout the country. The Ministry already has a budget of just over R$6 million [US$ 3.42 million] set aside for investment in stadium security, which is under the management of the Football Union.

"We will be monitoring using our database of the supporters organizations. This is breaking the anonymity of people [who scuffle] who we can then identify by their face. We will identify and punish [violence committed] in and around the stadium," said Colonel Mark Marino, Chairman of the FPF's Committee of Arbitration.

Under the plan, to enter the stadium, members of organized fan groups must present a card from the FPF to a uniformed police officer, which identifies him as a member of the torcida. If the facial identification project is approved, this accreditation will be the basis for the formation of a database, which, along with facial biometrics which will identify those who fight or commit acts of vandalism in the vicinity of the stadium. They will receive an immediate suspension and will be barred from future matches until their case is judged.

Mark Marino points out that the project does not relieve the responsibility of teams and supporters groups to control their members. The punishment will be applied to an individual fan or a small group if they are triggering the confusion. However, if widespread riots occur, the entities [teams and torcidas] will be punished.

"We are treating them [the torcidas] as organized entities. They are not only informal groups and they have a duty to cooperate with security."

This biometric identification system is already used at some airports, but has not yet been tested in stadiums. In the classic ["big game"] on Sunday, only the Santos fans will be the "guinea pig" for the experiment, since, because they are the visiting side, they will be fewer in number, making the first step of the project simpler.
Source: Globo Esporte
Translation: Mine with assistance from Google Translate

A decent description of Brazilian torcidas or supporters groups is available at Wikipedia.

You can get a feel for what a torcida (Corintians' Gavioes da Fiel) sounds like (YouTube)

And here is a video showing some of what goes on in the torcidas which provide some of the greatest spectacles in all of sports. (If this is new territory for you, it'll blow your mind)

But there's also this: Furious Corinthians Fans Go On Rampage After Copa Libertadores Exit ( - Feb. 3, 2011)

In order to preserve the great things supporters groups bring to Brazilian football, some of the negative aspects must be addressed. It's also highly likely that some in the leadership of groups themselves will appreciate the assistance in "policing their own." It's really hard to prevent a few bad apples from using big, and sometimes loosely organized, organizations as cover for their own version of "Fight Club" or worse.

Match Result:
Santos defeated Corintians 3-1 (w/ video)

Friday, September 16, 2011

An Odd Identity Management Challenge: Mystery Boy Emerges From German Woods

Says he lived in forest with father for five years (NBCChicago via Drudge Report)
“We have never seen anything like it,” Maass said. “We have no evidence to contradict what he has told our colleagues at the youth services, although we are still investigating, and very much want to find out who he is.”

Goode Intelligence: Growth Ahead for Mobile Biometrics

Significant growth ahead for mobile biometric security market (
This growth, says the report, will come from two technology groups: embedded mobile biometrics, including fingerprint sensors embedded by device manufacturers; and third-factor authentication, centering on mobile biometrics used in combination with multi-modal authentication solutions, and in particular voice-based biometrics.

Biometric System Integration: New Counterterrorism Datamart

Counterterrorism effort gets new tech (Federal Computer Week)
Furthermore, the center increased its ability to store, compare, match and export biometrics such as fingerprint, facial images, and iris scans, he said. He added that the center continues to honor all civil and privacy protections.

Before December 2009, analysts at the center worked manually to search and integrate information residing on various databases. Now the center is working to bring those databases together into the Counterterrorism Data Layer, a single environment in which data can be searched and analyzed.

“For the first time, NCTC analysts can search across key homeland security and intelligence information and get back a single list of relevant results,” Olsen said.
It's one thing to install a biometric system in a single location. It's quite another to tie together several geographically dispersed systems that use different biometric modalities and the offerings of many different biometrics providers.

There are technical integration challenges. Security challenges involving the security of the data as it moves from node to node as well as logical access control at legitimate nodes.

As daunting as the technological challenges are, the human challenges may be more significant. Getting different bureaucracies to cooperate in this manner is a very difficult management task.

The government case is instructive because if a given organization is large enough to profit from an integration effort, it will confront these issues.

Thursday, September 15, 2011

Canada: Biometric Passports by the End of 2012

Canadian individuals and organizations have made extremely valuable contributions to the science and commercialization of biometric ID management technologies.

Canada has been experiencing robust immigration for several years, now.

60% of adult Canadians have a valid passport.

So, I was surprised to learn that Canada is to be the last G8 member to adopt biometric passports.

Last G8 Nation with Improved Documents (Montreal Gazette via @m2sys)
Canada's long awaited ePassports will be ready by the end of 2012, making this country the last among G8 nations to have enhanced digital security measures on the documents.

UPDATE: The linked article seems to conflate "ePassport" with "Biometric Passport." For a variety of reasons this is confusing and, in my observations, I compounded the confusion instead of clearing things up.

An ePassport has a chip.

With or without a chip, facial recognition can be applied to the picture on a passport for comparison to the person presenting the passport.

The ePassport's chip adds another layer of security because the picture on the chip has to match the photo in the document has to match the person presenting the document. A fraudster would have to hack the document and the chip with their own photo to counterfeit the ePassport. The US ePassport chip does not store fingerprints. Canada's won't either. So, facial recognition is the only biometric in the discussion. An ePassport, therefore, is not definitionally the same as a biometric passport.

Biometrics can be applied to both an ePassport and a pre-ePassport.

There was also some question as to whether the US was ahead or behind Canada in the adoption of biometrics applied to passports or the issuance of ePassports.

The US State Department has issued only ePassports since 2007:
Can a request be made for a new passport to be issued without a chip?
No. Since August 2007, all domestic passport agencies and centers issue only e-passports.
So that may be why the Montreal Gazette describes Canada as the last G8 country to issue "Biometric Passports." I suspect they mean ePassports.

This conflation of Biometric- and e- Passport, however, didn't originate with the Montreal Gazette as this Airport International article from 2006 describing facial recognition applied to ePassports in the UK indicates.
Over 13 million people in the UK hold biometric passports, which feature a microchip containing biographical information and images.
It's looking likely to me that the application of facial recognition to passports arose at about the same time as storing photos on the chips of ePassports and that the digital image stored on the chip has been the primary input into facial recognition applications. So while ePassports and Biometric passports aren't literally or necessarily the same thing, practically (at least in the G8) they always have been.

Hopefully that clears things up a little. I welcome any feedback on Twitter (@SecurLinx) or at

Biometrics vs. Biostatistics

[UPDATE: An uptick in recent articles like this one made me want to revisit this post. A quote from the article:
Ford showed off a prototype of this future health system, developed by BlueMetal Architects, at CES. The system will be able to capture biometric data from devices such as pacemakers and glucose monitors, and will also be able to accept voice input from the driver [emph. mine].
Maybe the term "biometrics" has a marketing cachet that "biostatistics" lacks; maybe for reasons of economy, journalists preserve to save ink, pixels, space and keystrokes.

The original post follows...]

We've danced around this topic a couple of times in the past (see links at the end of this post).

Biometrics and Biostatistics, the difference is subtle.

Biometric = body measure.
Biostatistic = body status, state, or condition.

[I'm no Latin scholar so I don't want to go to the mat for these definitions, but keeping them in mind helps me make sense of things when I read about all the uses for "biometrics" in health care and the health insurance industry. If there are any Latin (language) scholars out there who have interest and insight into this question, I'd love to hear from them.]

Biometrics for identity management concern facts about the physical human body that don't change (or don't change much) over time.

Biostatistics, on the other hand, are useful precisely because they change, sometimes radically over short or long time-frames.

Health care uses both biometrics and biostatistics. Health care providers use biometrics such as fingerprint and iris scanners for patient records management and logical and physical access control. They use biostatistics such as heart rate, weight, and EEG's, etc. for diagnostics, monitoring progress and assessing outcomes.

The Security sector is also seeking ways to use quantitative biostatistics to achieve better outcomes. I added the "quantitative" modifier because in many ways human beings have used non-quantified biostatistics (observations of behavior, for example) for security purposes since, well, forever. We all know what someone means when they say that someone else was "acting suspiciously".

The computerized, measurement of biostatistics for security purposes, is at least as old as lie detectors. The novelty described by the article linked below is in bringing lie detectors out of the rigorously controlled laboratory environment and into more chaotic situations.

Face-reading lie detectors to be tested at UK airports (
The dual cameras in the system observe changes in facial expression and blood flow, with the first camera spotting signs of deceit such as lip-biting, nose-wrinkling, blinking and Freudian slips, and the second thermal imaging camera measuring flushing and blood-flow patterns around the eyes.

See also:
Behavioral Biometrics or Public Lie Detectors?
Mal-intent may be the future of security

Wednesday, September 14, 2011

Overstaying US Visa Gets Harder

Until recently, there was a backlog of 1.6 million people who had overstayed their visas in the country. (MSNBC - Dead Link)

From the Washington Post... (Dead Link)
The 9/11 Commission saw the visa system as a major vulnerability and recommended completing a biometric system that would log immigrants out as they left the U.S. This program, however, was never fully implemented.
I think a lot of people would be surprised to learn that a comprehensive automated system for recording the departure of visitors wasn't in place at US entry and departure points. It's the kind of thing people just assume happens as a matter of course.

Biometrics can help to automate and audit this process at a reasonable cost.

See Also:
Multiple ID's But Only One Face
How DMV Face Rec Can Prevent Identity Theft

Armenia Announces Plan for Biometric Passport

Deputy Chief of the Armenian Police Introduces Law on Passport (A1+ - Armenia)
Biometric data include fingerprinting, iris scanning and digital photos.

Osikyan says the introduction of biometric passports will exclude fake passports and prevent the free movement of terrorists and criminals. At the same time, it will facilitate access to European countries.

Tuesday, September 13, 2011

MSU Technology Detects When Fingerprints Have Been Altered

Michigan State researchers break ground in fingerprint technology (
“Because of (the) increasing use of fingerprints at (international borders), many individuals who have prior criminal records purposefully alter their fingerprints so that they don’t get matched to their prior fingerprints in the databases,” Jain said.

The most common methods to alter fingerprints are either by biting them, cutting down the center of a finger or burning them off — similar to the way Will Smith’s character does in the movie “Men In Black,” he said.
The Michigan State technology detects altered fingerprints. Knowing that a fingerprint has been altered is valuable information. An investigator that receives a "No Match" result but a note that the fingerprints may have been altered, will be in a much better position than an investigator who simply received a "No Match" result.

How DMV Face Rec Can Prevent Identity Theft

Washington Sate Program suffers setback (
Last October the Department of Licensing struck back by rolling out facial recognition software that runs biometric scans of each of the 14 million photos in DOL’s database. The software trolls for duplicate photos. ...

The results of DOL’s photo scans are staggering.

Investigators are now looking into 5,000 cases of people whose photos appear on more than one current license or ID card.

They've already suspended 402 licenses and referred 13 cases for criminal prosecution as they continue to pour through leads generated by the computer.
Programs like this can confer great benefit to society. This program, however, has hit a legal snag that erodes the usefulness of the program. Full story here.

See also:
Multiple ID's But Only One Face

Monday, September 12, 2011

Biometrics for Time-and-Attendance aren't that Controversial

Store giant using finger scans (
The fingerprint sensor identifies unique minutiae points and measurements within a fingerprint and creates a digital template -- not an image -- for matching."

The Australian Services Union has raised concerns about the City of Monash's plan to introduce the scanners in its libraries next month.

The concerns include questions about where the personal information will be stored and what will happen to it when employees leave the job.

Those concerned about an employer's ability to keep private information private have far greater causes for worry than biometric time-and-attendance systems.  Moreover, worker privacy may be enhanced by greater adoption of biometric ID management technologies.

Employers already record an employee's: 
Legal name
Home address
Government issued tax ID number
Salary and other income information
Performance Reviews and Disciplinary Records

An employer that provides health benefits may also have private information related to the employee's: 
Sexual identity
Certain medical conditions
Drug and Alcohol counseling

When pay checks are deposited directly to employee bank accounts, the employer also has bank account information.

Employers already have extremely sensitive information that, in the wrong hands, can be used for identity theft, harassment, discrimination and any number of other abuses. A long string of apparently random text characters (biometric template) cannot be used for any of these things.

Where employers maintain such detailed records on their employees, legal remedies should be available to individuals who have been harmed by the unauthorized disclosure of private information. When compared to these and other workplace privacy threats, concerns about time-and-attendance biometrics fade into insignificance.

After all, Woolworths, the company in question, has been using them without incident for 15 years.

Those who have concerns about the quantity and nature of the personal information maintained by employers might find a privacy ally in biometrics.

Biometrics can and are used to control access to sensitive information, helping to ensure that sensitive records are accessed only by those authorized to view them.

See also: Do Employees Have a Right to Refuse Enrollment in a Biometric System? (M2SYS blog)

Ireland: Biometric Welfare Anti-Fraud Measures

Social welfare crackdown: Joan Burton’s new fraud measures (
Social protection minister Joan Burton is to announce a further crackdown on those engaged in social welfare fraud. The minister said she hopes the new initiative will save the state €625m. "Most of the people on social welfare are as honest as the day is long...but their position is being undermined by people scamming the system. It's a small number of people but it's very important," Ms Burton said on RTE today.
See also: Multiple ID's But Only One Face. The back-end database de-duplication is very important in sussing out multiple credentials issued to one individual.

Friday, September 9, 2011

South Korea: Biometrics and Airport Self-Service Reduce Hassle, Increase Efficiency

Verifying travelers via facial recognition ( via @m2sys)
First launched in 2006, the system encompasses eight self-service operations, including u-self check-in, u-bag drop, u-immigration and u-boarding. Under the system, said Park, check-in now takes less than three minutes, getting through the boarding gate takes less than 15 seconds and document-checking takes less than 20 seconds.

Identity Management: Deep Thoughts from Abraham Lincoln and Harpo Marx

Personal identity crisis (Economic Times)
Biometric IDs now include stuff like palm prints, voice recording, iris scans and DNA fingerprinting. Yet, as honest Abe would say, none of them look a "blamed bit" like the person we are to people who know us.

Thoughts on Privacy, Security, Commercial & Social aspects of Facial Recognition by Carl Gohringer of Allevate

Am I being watched? Doubtful. Am I being recorded? Almost certainly.

Carl Gohringer takes a tour of the many applications of facial recognition technology and never has to leave the airport. It's well worth the read.
It seems that every new technology brings a realisation of new benefits and efficiencies, countered by a plethora of malicious uses of the technology by the less desirable elements of our global society, quickly followed by counter-measures and protections. This is a saga that we are all already familiar with in our daily lives. Examples range from the severe and extreme of nuclear medicine versus atomic weapons, through to online credit-card shopping versus financial identity theft. I’ve recently had a credit card used for over £3,500 of illegal transactions. Though this incident was highly inconvenient and disruptive to my life, I did not hesitate to accept a replacement card. Not to do so would have unacceptably disenfranchised me from modern society.

Back to face recognition. It hasn’t taken long for business minded technology companies to devise a whole range of new uses of this technology, all focussed on delivering bottom line business benefit. Almost as quickly arrive the cries of the privacy advocates. I’ve been reading with interest the sudden explosion in main stream news over the past few months highlighting new uses of face recognition, while very carefully considering the concerns vociferously raised by the technology’s opponents. A key fact often cited is that the technology is not 100% accurate. Even an excellent identification rate of 97% can produce a significant number of false identifications and / or missed identifications in a large sample population.

Thursday, September 8, 2011

Melbourne Area Libraries to Debut DNA-Vein Time Clocks?

Melboure, Australia has given the world a lot: Kylie Minogue, Cate Blanchette, the 1956 Summer Olympics, Rio Tinto, and the Melbourne Fringe Festival. Today, if the Australian Associated Press, is to be believed, Melbourne (Monash, really) is on the brink of giving us (or rather its librarians) a time and attendance system unlike any the world has ever seen.
Monash City Council's human resources department came up with the plan, which would require library staff to provide DNA samples and have their veins scanned using pattern-recognition technology to clock on and off for a shift. (AAP)
This is amazing. A multi-modal combination DNA-Vein biometric time clock will make for exceedingly accurate record keeping and a high assurance that the library staff are being paid only for time actually worked.

Some, however, may wonder why the libraries need a vein scanner attached to their DNA time clocks. That, gentle reader, is because identical twins have identical DNA. Identical twin librarians using a DNA time clock would quickly find themselves in a scene worthy of a Eugène Ionesco play:
Twin 1: G'day twin. Lovely day to be a librarian. (clocks in with DNA time clock) Ouch!
Twin 2: Right you are, Twin! (clocks Twin 1 out with DNA time clock) Ouch! (they both proceed to the stacks)
Head Librarian: Crikey! What are you two doing here? The attendance record shows that one of you was here for 5 seconds this morning.
Twin 2: No, Ma'am. We've both been here since 8:30.
Head Librarian: Well, that's not what it says here. 

Well, perhaps more Monty Python than Eugène Ionesco, but you get the picture. The vein reader attached to the DNA time clock is absolutely necessary to prevent these and other potentially embarrassing and time consuming situations from vexing library staff.

Additional Information:
Neither of these two straight news pieces mention DNA at all:

Finger scanners to keep tabs on librarians (ABC)
Melbourne council searches in vein for tardy staff *(  

David Heath at IT Wire seems pretty sure that the explanation for the Australian Associated Press story is other than that someone has invented a DNA-Vein time clock. You'll have to click through to see his explanation for yourself.

In the light of this additional information I must acknowledge the possibility that the Australian Associated Press writer who penned the above linked article is mistaken about biometrics as well as the possibility that DNA time clocks (with or without vein scanners) don't exist.

*Bonus: New (to me) biometrics pun! 

Wednesday, September 7, 2011

Australia: English test centre adopts biometric data to prevent identify fraud

Measures against fraud, including a fingerprint scan, have been introduced at one of Australia's biggest English language test centres (The Australian)
A good IELTS result can make the difference for a former overseas student seeking to stay in Australia as a skilled migrant. Nine people, including a former Curtin University employee, have been sentenced for bribery offences related to a 2009-10 trade in fake English test results at Curtin University's IELTS centre in Perth.

Canada's Customs & Immigration Labor Union Lobbies for Facial Recognition

Customs and Immigration Union Calls on Government to Ensure Immigration Enforcement Reforms Are Effective (
The CIU has long been an advocate of improved screening and enforcement measures including advocating the deployment of a modern facial-recognition biometric lookout system at all points-of-entry, and by recommending a reduction in the number of repetitive regulatory reviews and appeals available to non-citizen convicted criminals and to those deemed to be a security threat making them inadmissible to Canada.

Tuesday, September 6, 2011

Security Systems of the Future

The intelligent face of surveillance systems (The Australian)
Australian researchers are working on a way to use soft biometrics such as estimated height, weight, skin and hair colour to identify a particular person in video footage...
Associate Professor Fookes said despite video analytics systems, which did motion detection, unattended baggage detection or intrusion detection, high-level tracking and recognition was still some way off.
I'll second Professor Fookes. These automated systems are indeed pretty far down the road. Related thoughts:
Biometrics, Object Recognition and Search

Unique Identification Authority of India's enrolment process vulnerability

The Home Ministry has identified flaws where UID numbers were issued on the basis of false affidavits (Economic Times)
"Cases have come to light wherein enrolments were being done on the basis of affidavits which were being sold by unscrupulous persons without any verification," the ministry has warned in a note to the CCUIDAI, stressing that UIDAI registrars enrol residents on a 'walk-in' basis, based on documents whose authenticity is not checked.
India's UID Project is meant, in part, to ameliorate the societal damage caused by endemic corruption. It is therefore little surprise that the Unique Identification Authority of India (UIDAI) faces a risk that its mission will be complicated by corruption.

Of course, the amount of database "garbage in" should me minimized. But there are also some powerful auditing tools available to the UIDAI for ongoing database management to detect double enrollments, etc. The UIDAI's job will be ongoing. It will not end when the current population is enrolled.

Malaysia: 2.3 million foreign workers registered under 6P

2,320,034 workers registered: 1,303,126 Illegal; 1,016,908 Legal (
Hishammuddin said the biometric exercise was implemented to streamline the management of the foreign workers and wage war on international syndicates involved in human trafficking as it could affect the security of the country.

Global Market for National Electronic ID Programs to Reach $11 Billion Annually by 2013

Acuity Market Intelligence Reports that Europe has the Highest National eID Country Adoption Rate, While Asia Dominates the National eID Market in Volume and Revenue Share (PRWeb Press Release)
Acuity Market Intelligence
Acuity Market Intelligence today announced that a dramatic shift from traditional National IDs to National Electronic IDs (eIDs) would generate more than $11 billion dollars in annual revenue by 2013. While the total number of countries with some form of National ID program is projected to increase just 11%, growing from 126 to 140 between 2010 and 2015, the number of countries with National eID programs will grow from 67 to 114 over the forecast period, an increase of more than 70%.

Friday, September 2, 2011

Replacing the punch card with face scanning

Replacing the punch card with face scanning (
Employees can forget punch cards and finger scans. Now they can stand in front of a small machine, and in 2 seconds or less their face is scanned and they are punched in for work.
The product discussed in the article is called FaceIN, not FacePunch.

One Cannot Improve Human Beings but One Can Improve Systems

In the spirit of the Wired article we drew attention to on Tuesday comes another thorough overview of India's UID project.  

Unique Identity Scheme: India scans 2.4 billion eyes ( 

Here are a couple of choice quotes:
The identity project is, in a way, an acknowledgment that India has failed to bring its poor along the path to prosperity. India may be the world's second-fastest-growing economy, but more than 400 million Indians live in poverty, according to government figures. Nearly half of children younger than 5 are underweight.
"One cannot improve human beings," said Ram Sevak Sharma, the director general of the identity program. "But one can certainly improve systems. And the same flawed human beings with a better system will be able to produce better results."

Multiple ID's But Only One Face

Facial scans lead to suspects in luxury car scam (Houston Chronicle)
These purported businessmen had opened multiple bank accounts under different fake names, using counterfeit immigrant visas, claiming to be from places like Germany and Austria and listing Houston motels for their home addresses, authorities said. But the one thing that they couldn't fake eventually did them in: their faces.
Con-men often have multiple ID's issued by various jurisdictions. One ID will represent each criminal persona (usually a stolen identity) and the con-man will have his true identity, which he will attempt to keep clean. But in order for this to work, the criminal needs to be able to get their real photo onto each ID and (if possible) have it issued from a legitimate authority.

Enter facial recognition. Facial Recognition offers the ability to combat this type of fraud by making the photo of the face a search term in a database search. If you enter the face and get six records returned, you're on to something. The type of system and investigative process described in the Houston Chronicle article not only protects consumers from the types of fraud described in the article; it can also help victims of identity theft regain some control over how their personal details are used.

Thursday, September 1, 2011

CV Dazzle: Public Anonymity through Fashion

Camouflage from Computer Vision (
CV Dazzle is camouflage from computer vision (CV). It is a form of expressive interference that combines makeup and hair styling (or other modifications) with face-detection thwarting designs. The name is derived from a type of camouflage used during WWI, called Dazzle, which was used to break apart the gestalt-image of warships, making it hard to discern their directionality, size, and orientation. Likewise, the goal of CV Dazzle is to break apart the gestalt of a face, or object, and make it undetectable to computer vision algorithms, in particular face detection.
In response to the increasing popularity and dependability of facial recognition systems, there is an avant garde movement that seeks to join computer programmers, fashion designers, and stylists in an effort to maintain the option of public anonymity in a world of public facial recognition.

You have to admit, this
 is a way more interesting way to thwart face rec than this.

Photo: Bank of America
Check out their site. There are a lot of cool images there — sort of  Lisbeth Salander meets nouveau punk — as well as some good information about face recognition.

But what happens to the future Dazzler who wants to use a multi-modal face and voice recognition ATM on the way to their face rec-accessible office?

Malaysia: No extension to amnesty timeline

The Home Ministry will not extend the deadline today to register illegal foreign workers under the 6P amnesty programme (The Star)
Hishammuddin said response to the registration exercise was better than expected, with over two million legal and illegal foreigners coming forward voluntarily to register. “We knew that there were bound to be problems and it is not 100% perfect. But what is important is that we are on the right track,” he added.
It's great to see that adopters of biometric identity management technologies are taking Return on Investment (ROI) rather than perfection as the relevant performance metric. If the resources saved in the improvement of a mission-critical process are greater than the costs associated with the implementation, the change should be made.

But, this article has so much more than a nugget of ROI. It has death threats, human trafficking, organized crime, huge numbers of enrollments and ROI.
Meanwhile, Hishammuddin said he believed that his recent death threat could be from a human trafficking syndicate in relation to the biometric registration of foreigners.
Good luck to Datuk Seri Hishammuddin Hussein and to the country of Malaysia.

West Virginia: FBI seeks local volunteers for handwriting project

Pizza and Fifty Bucks (The Daily Athenaeum)
The Federal Bureaudatabase. [sic.] of Investigation is looking for West Virginia University students to volunteer for a handwriting study which will contribute to a growing biometric The study will dissect anonymous volunteers' handwriting and allow the University's forensics department to learn the importance of handwriting in solving crimes. ... "In order to promote interest in the program, coordinators will compensate participants with a $50 VISA gift card and pizza during sessions," Caridi said.
My guest post at the M2SYS blog touched upon the fact that developers require large data sets in order create and test their biometric matching algorithms. Here's an example of how they collect the data they need.