Tuesday, November 29, 2011

(Facial Recognition vs Human) & (Facial Recognition + Human)

Terrorists picked out in a crowd by cameras that can beat human eye (This is London)
Mr Bada was given five minutes to memorise 30 faces before six of the subjects mingled with crowds at Charing Cross railway station and walked past a fixed point.

The Met expert was able to pick out two while the Face Alert camera spotted four. Tim Noest, the managing director of Lodge Service Intelligence which makes Face Alert, said two of the faces were obscured by crowds.
Humans are awesome at ID management among people they know. The processes people use to identify people with high confidence are extremely complex and may take into account gender, age, gait, time, posture, scent, sound, weight, location and countless other details processed simultaneously and without necessarily involving a lot of conscious effort. People, however, aren't very good at identity management among large numbers of people they don't know.

In biometrics, software takes in a mere fraction of the information people use and it doesn't make any inference about it. It treats the problem in a way that closely resembles Nikola Tesla's famous critique of Thomas Edison.
“If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found the object of his search.”
When dealing with people we don't know, humans are relegated to the needle-in-the-haystack process. Even if you believe that computers aren't very good at recognizing people this way, they're better at it than people are.

When biometric software is used to sort a large list by the probability of a match, then present the list to a human such as Mr. Bada, the results can be impressive indeed.

h/t @Allevate

Management Lesson from Nigeria

Biometrics, Ghost Workers, ROI and Sharing the Savings (Vanguard, Nigeria)
It must be recalled that members of the National Union of Electricity Employees, NUEE, had initially opposed the biometric data capturing system introduced by the government, and threatened industrial action if the measure was carried out. The union, however, rescinded its decision after reaching fresh agreements with government on Thursday, regarding the payments of the 50 percent salary increases for electricity workers.
The Federal Government has directed the PHCN management for the first three months of the 50 percent hike in salary, adding “this singular action has cost the entire labour movement an enormous stock of goodwill, as it is so embarrassing and brazen.”

He said that between 30 and 40 percent of the workers in the federal service has been discovered to be fake, since the Federal Government last year directed all ministries, departments and agencies to conduct biometric data verification which entails collection of photographs, thumbprints and staff numbers of employees.
I've used this space over and over to contend that the proper measure for the success of a biometric deployment is not perfection; it's return on investment (ROI).

The reason that so many of the early applications of biometric technology to business processes have been in time-and-attendance systems is because the ROI calculation is pretty straightforward.

Applying biometrics to root out ghost workers in the Nigerian electricity industry should deliver a hefty ROI but it is important to realize that every time an organization saves money, someone who used to get paid isn't getting paid (or isn't getting paid as much) any more. In this case, some of the people receiving the salaries of the ghost workers may also be real workers, too, and their legitimate wages may be very low.

This type of arrangement may even have been met tacit acceptance by managers who had no other way to mete out salary increases but it also opens the door to abuse, theft and a loss of managerial control of labor costs.

Fortunately, cleaning up the payroll frees up the resources to make some people whole while severely curtailing large-scale abuse. Without the ROI biometrics affords, there aren't a lot of good options for addressing the problem without killing morale.

Fortunately, most businesses are not faced with a time-and-attendance challenge where 30% of paid staff don't actually exist, but the above example is instructive nonetheless.

Astute managers might consider setting aside some portion of biometric time-and-attendance ROI to smooth the transition from a system that had a little more slack built into it.

India: Biometric Information Sharing Network to Go Live in 2012

Crime and Criminal Tracking Network and Systems (CCTNS) by early 2012 (Times of India)
"With the CCTNS in place, all information will be available online. Information regarding fingerprints, unidentified bodies, missing persons, stolen vehicles, stolen arms, etc, will be just a click away. At present, if we need information about a suspect, we send intimations to our counterparts in other states. This is a time-consuming process," said Dhiware.
Networked biometric ID management infrastructure gives law enforcement officers a powerful tool to increase the likelihood that criminals can be brought to justice. This is good news for Indians.

The mention of unidentified bodies is worth noting, as well. It's a real, but often overlooked, problem. Biometrics, such as facial recognition, are being applied to cases that have been cold for 40 years or more. In fact, at SecurLinx we're working to help identify the body of a man (likely a U.S. Marine) murdered in the 1960's.

Monday, November 28, 2011

Face Rec & the Russian FSB

Here's a wide-ranging article about facial recognition in general and its use by the Russian security services.

Analysis - A Face In The Crowd: Russia’s FSB Is Watching You (Eurasia Review)
At the Commission for Modernisation, responsibility for the development of biometric systems is in the hands of Working Group No 4, ‘Strategic Computer Technology and Software’, headed by Andrey Fursenko.

But if you look at records of group meetings, it becomes clear that all proposals on the subject come from FSB representatives. For example, on 8 October 2009, when two projects were discussed – one the creation of an automated video system for detection and identification of targets in real time and the other concerned with voice recognition – the group was addressed by Yevgeny Maximov, deputy head of the FSB’s research establishment. Responsibility for both projects was given to the FSB and its director Alexander Bortnikov.

Biometrics In School Cafeterias

Most articles dealing with biometrics in a school cafeteria follow a set formula. This one is different. It covers biometrics, nutrition and other nuts-and-bolts aspects of managing a public school food service business.

Franklin County Elementary Schools Serve Up Modern Lunches (Pennlive.com)
Like other students, Kasey doesn't hand over a ticket to the cafeteria worker in charge of the cash register, or provide a $1 bill and coins. Every day, Kasey places his index finger firmly against a biometric finger scanner. His lunch number, name, picture and lunch stats pop up on the computer screen. That's how all F-M students pay.

Then, it's time to eat.

New Canada-U.S. Border Agreement to be Unveiled by Obama and Harper in December

Those who worked on hammering out the agreement over the past nine months are proud of it (The Globe and Mail)
It will harmonize a plethora of regulations and safety standards in the automobile, food and other industries. It will make it easier to obtain temporary work permits and a trusted-traveller document that will allow frequent crossers to skip the lineup at Customs.

Air, land and maritime inspections will be more fully integrated, and both sides will be able to more easily detect and deter cyber threats.

Tuesday, November 22, 2011

Ghana: On Again, Off Again Biometric Voter Verification is On Again

Biometric Verification is on (The Statesman)
Government and the Electoral Commission have finally yielded to both domestic and international pressure and agreed to compliment the biometric voter registration with biometric voter verification at the polling station in order to enhance the integrity of the 2012 elections.

DARPA’s Developing Sensors to Track You by Your Heartbeat

What will they think of next? (Gizmodo)
Doesn't matter if you're a ninja or a polar bear blinking in a blizzard—if you've got a heartbeat, this new sensor system will find you. It's called "Biometrics-at-a-distance" and does everything but smell your fear.

Saturday, November 19, 2011

Biometrics, Passwords & the Illinois Water Plant Hack Attack

Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says (Washington Post)
The Illinois report said that hackers broke into a software company’s database and retrieved user names and passwords of control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.
Stuxnet was used to attack the centrifuges used by Iran to enrich Uranium and it was most certainly far more than a Username/Password job. This attack, however, (if confirmed as an attack) is "Stuxnet-like" in that the attackers caused physical damage to machinery using only ones-and-zeros and the internet.

This is a big deal. Biometrics can help.

In networked biometric identity management solutions, the biometric sensor hardware is a part of the security. In a Username/Password regime, the hardware used, the keyboard, offers no additional security. A hacker gains access to the network using a keyboard to fill in the proper fields and she's in. If she steals a biometric or unencrypted biometric template (a long character string), she can't just type it in even if she finds the place in the programming that handles the template. In some ways the template is like a password that must come through the proper sensor.

In our water plant example, requiring biometric authentication to authorize turning the pump off and on would have dramatically increased the difficulty of the hack.

But even in a world saturated with biometric ID management applications, Username/Password verification will still be around. For one thing, people aren't the only things that claim an identity before accessing IT systems — computers do it, too, and they don't have biometrics. It's also a cheap, well-understood, flexible technology that supports certain access control models that biometrics does not.

The challenge that system-designers now face is to identify where using Username/Password is too dangerous, and where biometrics can be used to reduce risk to an acceptable level. This requires identifying everything currently authenticated with a Username/Password and a determining which of these things are more efficiently protected using biometric authentication, then implementing the change. This is far easier said than done.

Requiring biometrics for access to stored usernames and passwords would be a good start, though.

US: Banking & Facial Recognition

When financial fraud meets facial recognition, the jig may be up (International Business Times)
Chip McBreen, who leads fraud prevention and security at Members 1st Credit Union in Pennsylvania, has become a believer in facial recognition tools to stop bank fraud. He says the emerging technology has already delivered results for the institution many times.

"We had a case last week where we had a person come in with a fictitious drivers license, and we actually used it (the technology) to determine that wasn't the member," he says. "It allows me to search for it (the image) very quickly and produce that for law enforcement."
South African banks have been making big moves in their use of Biometric ID management technologies lately. The applications described in the article above rely on data possessed by the U.S. banks rather than stored in government databases.

Friday, November 18, 2011

E-gate system introduced at two Saudi airports

Airport E-gates: Yesterday Taiwan

Today Saudi Arabia
JEDDAH: Saudi Arabia has introduced the e-gate system at King Khaled International Airport in Riyadh and King Fahd International Airport in Dammam to facilitate the entry and exit of passengers.

"Those who want to make use of the electronic facility should approach the registration center at the two airports to get their e-gate cards," the Passport Department said in a statement on Saturday.

Officers at the registration center will check an applicant's identity and upload his/her biometric features (fingerprints and eye images) into the system before issuing the e-gate card with the applicant's photo.

Gambia: Old National ID Card Will Soon be Invalid

Card which was in circulation before the introduction of the biometric national identity card is declared null and void with effect from 31 December 2011 (TMCNet)

Nigeria: Government to Pay Increase Arrears Only to Those Biometrically Verified

A porous system that condoned corruption (next)
The Federal Government will pay the promised increase arrears of salary only to biometrically verified staff of PHCN [ed. Power Holding Company of Nigeria], Mrs Ibikun Odusote, Permanent Secretary in the Ministry of Power, has said.

Odusote made the position of the Federal Government known in a statement made available to the News Agency of Nigeria (NAN) on Thursday in Abuja.

She said funds for the arrears of the payment promised by Mr President was available and would only be paid to biometrically verified PHCN workers with effect from September.

Odusote explained that the present administration was ready to implement 50 per cent wage increase for PHCN workers, adding that government, however, noticed ghost workers that induced the wage bill increase.

Thursday, November 17, 2011

ICE Secure Communities Nationwide Coverage Map

The U.S. Immigration and Customs Enforcement released a full update of every county participating in the Secure Communities initiative and when they came onboard. Click here for the full PDF.

♦ Oregon has 100% participation while Washington has very little
♦ Wisconsin has 100% participation while Minnesota has 0%
♦ Pennsylvania has 3 counties participating while nearly every county that borders PA, with the noticeable exception of New Jersey counties participates

From the ICE website:
Secure Communities is a simple and common sense way to carry out ICE's priorities. It uses an already-existing federal information-sharing partnership between ICE and the Federal Bureau of Investigation (FBI) that helps to identify criminal aliens without imposing new or additional requirements on state and local law enforcement. For decades, local jurisdictions have shared the fingerprints of individuals who are booked into jails with the FBI to see if they have a criminal record. Under Secure Communities, the FBI automatically sends the fingerprints to ICE to check against its immigration databases. If these checks reveal that an individual is unlawfully present in the United States or otherwise removable due to a criminal conviction, ICE takes enforcement action – prioritizing the removal of individuals who present the most significant threats to public safety as determined by the severity of their crime, their criminal history, and other factors – as well as those who have repeatedly violated immigration laws.

Secure Communities imposes no new or additional requirements on state and local law enforcement, and the federal government, not the state or local law enforcement agency, determines what immigration enforcement action, if any, is appropriate. Only federal DHS officers make immigration enforcement decisions, and they do so only after an individual is arrested for a criminal violation of state law, separate and apart from any violations of immigration law.

MedBox Biometric Pharmacy

MedBox Develops Patent-Pending System for Storage and Retrieval of Prescription Drugs (PharmaLive)
The process is as simple as it is ingenious: When a customer drops off a prescription at their favorite pharmacy, the pharmacist will ask if they want to pick it up at the counter (which means possibly waiting in line and being subject to the pharmacy hours), or pick it up at the self-serve storage system – usually located immediately next to the pharmacy counter. If the customer opts to pick up their medicine from the convenient self-serve system, the pharmacist will register the patient, which is a one-time process that takes about 2-minutes. When the order is completed the pharmacist will place the medicine in a pre-determined slot in the self-service storage system. The customer can return to the store at their convenience, swipe their ID Card, place a finger in the biometric fingerprint verification system, and the appropriate slot will be able to be accessed by the customer.
This makes a lot more sense than the wine vending machine.

Nigeria: All drivers must migrate to Biometric driving licence

Federal Road Safety Corps: all drivers must migrate to the new driving licence by August 31, 2012 (Punch)
The Corps Marshal and Chief Executive Officer, FRSC, Mr. Osita Chidoka, had said Nigeria was losing over N15bn annually to vendors of fake vehicle licences.

He explained that the introduction of a new driving licence, with new security features, would make it difficult for fraudsters to continue to forge the document.

Chidoka also said the new scheme would ensure the standardisation of the driving licence, reduce the processing time and guarantee a one-stop-shop for the processing of applications as well as physical capture of applicants’ biometric system.
15 billion Nigerian Naira ≈ 94 million US Dollars

Taiwan to launch biometric e-gates to speed up immigration clearance

Hot on the heels of its announcement that the success of its biometric passport regime points the way toward visa-free travel to the US, Taiwan is adopting other biometric travel technologies.

Taiwan to launch e-gates to speed up immigration clearance (Taiwan News)
Taiwan will officially launch e-gates, or automated immigration gates, at three airports and one seaport in January next year to speed up immigration clearance, an official said Wednesday. The e-gates, which are already being tested, will allow Taiwanese citizens who have registered their biometric data and hold valid passports to clear immigration through the automated gates, Shih Ming-teh, a division chief at the National Immigration Agency (NIA), told CNA. A total of 30 e-gates will be put into operation at Taiwan Taoyuan International Airport, Taipei Songshan Airport, Kaohsiung International Airport and Kinmen Seaport.

South Africa: Banks have Access to and Use Government Database to Reduce Identity Fraud

Let your finger do the banking (IOL.co.za)

The South African government and its banks are real trailblazers on identity assurance. What they're doing is a pretty big deal.
Following the introduction last week by the Department of Home Affairs and the SA Banking Risk Info Centre (Sabric) of its Home Affairs National Identification System (Hanis) to help combat identity theft, several banks said they had similar safety measures in place to safeguard customers.

Last week FNB announced that it had successfully tested and rolled out a biometric identification and verification system which allowed for online verification of customers through their fingerprints.

The chief executive of FNB’s Smart Solutions, Line Wiid, said the system used real-time fingerprint verification linked to Hanis.

“We continue to use innovative measures to make banking safe and convenient for our customers – in this instance, by reducing identity fraud. With the rise in identity theft it is crucial that we adopt measures that not only protect us as a bank but also protect our customers. Biometrics verification is one way to build trust with our customers,” said Wiid.

She said the bank had been piloting the biometric verification scheme since July. The system not only validated fingerprints against the bank’s own database but also against the national database held by the Home Affairs Department.
Earlier post:
South Africa: Banks getting access to Government fingerprint verification system

Tennessee County Debates Biometric Time-and-Attendance for Sheriff's Department

County wrestles with payroll system (Daily Herald - Maury County, TN)
Using the automated payroll system, some employees would be able to log in daily at their computer, while others who don’t always have access to a terminal — including sheriff’s deputies, highway department, solid waste and central maintenance employees — would be able to clock in using a biometric reader that scans their fingerprints.

The time sheets that employees now fill out are reviewed by their supervisors and then sent to the budget office for tabulation. Maury County Budget Director Jim Bracken estimated an automated payroll system could save the county $400,000 a year by eliminating inefficiencies.

The system would cost $97,000 annually, Bracken said.
Smaller media outlets routinely do a superior job at elucidating the issues that determine the desirability of biometric deployments. The issues on both sides are important. The Return on Investment implicit in the above quoted text ($400,000 - $97,000 per year) should be balanced against arguments appearing elsewhere in the article.

Also, don't miss the article's comments.

West Virginia: Senators, FBI to Celebrate Construction of Biometrics Facility

Construction is scheduled to wrap up by the end of 2013 (Huntington Herald-Dispatch)
It will house biometrics staff of both the Department of Defense and the FBI.

Employees will move in during the first half of 2014.

Ultimately, some 160 Defense employees and some 1,200 FBI employees will occupy the space.

Wednesday, November 16, 2011

Rhode Island: DMV uses biometrics to fight fraud, crime

Full article here: Turnto10.com Providence New Bedford

See also: How DMV Face Rec Can Prevent Identity Theft (Sept. 13, 2011)

Malaysia: After Singapore, Brunei?

Malaysia mulls over proposed special lane at Brunei border (New Straits Times)
"This facility expedites the immigration inspection process at entry points of both countries, and with this facility, FTF users need only obtain passport verification, once every three months." He said this was because, verification and entry or exit activities were recorded electronically, using biometric fingerprints which did not require them to fill out disembarkation forms.
Malaysia had some real growing pains with the biometric border checks with Singapore (lots of posts here). The fact that the news media in Singapore has been largely silent on the subject lately leads me to assume that those growing pains have largely subsided. That Malaysia is considering a re-run with Brunei reinforces the belief that (a) Malaysia is confident that it can apply the lessons it learned with Singapore to its border with Brunei and (b) there were gains associated with the biometric installation at the Singapore border that makes extending its use to Bth border with Brunei desirable.

This post (Malaysia Expands Biometric Automated Clearance System) has maps covering Malaysia, Singapore and Brunei and a picture of a major Malaysia-Singapore border crossing.

Australia: Deal with US on DNA a "perfect match"

Another day, another bi-lateral biometric security agreement.
Australia and the United States have committed to a crime-fighting union (Adelaide Now)
Both countries yesterday signed a memorandum of understanding to share resources, including DNA profiles on suspects.

The arrangement will also allow crime fighting agencies to cross-check biometric data such as fingerprints, unlocking information on suspects in both countries.

Home Affairs Minister Brendan O'Connor and US Ambassador to Australia Jeffrey Bleich yesterday committed to the arrangement, which will involve information sharing between agencies in both countries.
Additional reporting:
Australia, US sign new deal on DNA checks (AAP)
Australia and the United States can now swap DNA and fingerprint data more easily in the fight against terrorism and transnational crime.

Ghana Goes Ghostbusting

Ghana: 29,000 'ghost names' on governmemt's pay roll (Ghanaweb)
Over 29,000 employees on Ghana’s payroll cannot be accounted for, Finance Minister Dr. Kwabena Duffuor has stated.

This follows a biometric registration process of all pensioners and public sector employees in at least five regions of the country.
Ghana has ten regions.

Tuesday, November 15, 2011

Mobile Computing: Will Biometrics Replace Tokens?

Some ideas about how logical access control will evolve as mobile computing hits the government sector...

Are mobile devices already making PIV cards obsolete? (Government Computer News)
How will cards be accommodated on smart phones and other handheld devices?

Some industry observers think they won’t be; that the time of the PIV [ed: Personal Identity Verification] card has passed before it has been fully adopted.

“I think they will move away from the hardware requirements,” said Susan Zeleniak, group president of Verizon Federal. She predicted that authentication and authorization will be done via onboard biometric applications in handheld devices.

Biometrics Market US$9.337 Billion By 2014

Research and Markets: Global Biometrics Market US$9.337 Billion By 2014 (Press Release)
According to the report, one of the major factors driving the Global Biometrics Technology market is the increasing frequency of cyber-attacks on government departments and installations over recent years. The report also discusses the challenges associated with competition from non-biometric technologies.

Korea and Visa-Free US Travel

Koreans to Benefit from Automated Immigration Checks in U.S. (The Chosun Ilbo)
To benefit, travelers have to register with a smart entry system Korea implements to get approval from both governments as "trusted travelers." "Trusted travelers" are those whose biometric information, including fingerprints and photos, is registered with the government, and who are deemed to present no risk.
Yesterday, it was Taiwan; today it's Korea.

Strengthening ID assurance by issuing biometric passports has become a prerequisite to any new bi-lateral or multi-lateral agreements on visa free travel.

UK: Airport iris-scanning system is scaled back

Britain’s groundbreaking iris-scanning system is being quietly scaled back (Financial Times)
The scanning system, known as Iris, was first introduced in 2005 and aimed at low-risk, frequent travellers. The scheme, which identified passengers through the unique pattern of their iris, is free to use but relies on a 15-minute registration which must be renewed every two years at an airport enrolment office.

The retreat from iris-scanning will make it harder for business travellers to avoid queues and raises fresh questions over whether government budget cuts have contributed to the bottlenecks.

The Financial Times has learnt that the Home Office has closed enrolment facilities at all Heathrow terminals except 1 and 5 and also at Gatwick, Manchester and Birmingham.
The reader comments run fairly supportive of the IRIS system and skeptical of the stated reasons for scaling back.

All Electoral Biometric Applications are not Created Equal

Sierra Leone: No Biometric Voting for 2012 (AllAfrica.com)
Freetown — A Commissioner for the National Electoral Commission NEC has disclosed to the media and civil society groups that contrary to misinformation, there will be no biometric voting come 2012 presidential and parliamentary elections. Miata French made this disclosure yesterday at a day sensitization forum organized by the International Foundation for Electoral Systems (IFES-SL) at the Mamba Point resort at Wilberforce in Freetown.

She said the biometric system will only be used for voter registration and that it would be stopped immediately registration ends.
Ghana: Electoral Commission Accepts Biometric Voter Verification (Daily Ghana Guide)
Dr. Afari-Gyan had reportedly rejected calls from various bodies including religious organisations for the EC to ensure there was voter verification at the December 7, 2012 general elections, stating nobody could dictate to the commission how it should carry out its constitutional mandate.

However, speaking at a day’s conference organised by the West African Parliamentary Press Corps in Accra yesterday, the EC chairman indicated there would be biometric registration as well as verification as the budget for both processes had been presented to government.

“Anything that improves the system of verifying people’s identity is good. So if there is another way of improving the system, we have to do it,” Dr. Afari-Gyan remarked.
The world's newest, and most fragile, democracies are embracing biometric ID management techniques in order to buttress the electoral process. Biometrics can add a layer of identity assurance to the electoral process at an affordable price.

There's also a lot of confusion about what people mean when they talk about biometrics in elections. Different methods of involving biometrics in the electoral process lead to disparate impacts on the reliability of the final vote tallies.

Some definitions:

E-voting - Votes are simultaneously cast and recorded using a computer.

Biometric Voter Registration - The voter registration process involves recording a biometric identifier along with all the other data required in order for an individual to register to vote. A database de-duplication process is undertaken to minimize fraudulent registrations.

Biometric Voter Verification - Before an individual is allowed to vote, their identity is verified using the biometric provided at registration.

Biometric Voting - most often refers to an e-voting system where the biometric voter verification and voting function take place on the same machine. The term "Biometric Voting" also seems to serve as a catch-all for using biometric ID management techniques at any stage of the electoral process.

Using these definitions, it's possible to have biometric registration without biometric voting, biometric voter registration without biometric voter verification, biometric voter registration and/or biometric voter verification without biometric voting, and e-voting without any biometrics at all. Different combinations lead to differing likelihoods of obtaining accurate and fraud-free vote tallies.

Some voting schemes built from combinations of the technology defined above may even represent a net step backward from the status quo. If biometrics are integrated into the electoral process where the scope for fraud is quite small and omitted where the weakness of the electoral process is most pronounced, the presence of biometrics might give citizens a false sense of security regarding the integrity of the vote. Knowing you're naked is one thing. Being naked when you think you're clothed opens the door to a different set of risks.

Monday, November 14, 2011

Taiwan, Biometric Passports and Visa-free Travel to the US

U.S. to give positive hints on Taiwan’s visa waiver candidacy (TaiwanNews.com)
Taiwan is close to achieving the requirements of the VWP [ed. Visa Waiver Program], Yang said, after having reached a U.S. visa rejection rate below 3 percent, issued biometric passports and introduced a mandatory in-person passport application procedure for first-time applicants.
All around the world, it seems like strengthening ID by issuing biometric passports has become a prerequisite to any new bi-lateral or multi-lateral agreements on visa free travel.

Kenya adopts biometric verification for election 2012

Voters used biometric IDs for the first time August 4 (The Statesman - Ghana)
Against the background of civil unrest resulting from its 2007 elections, Kenya has completed the piloting of a biometric verification system in readiness for its 2012 general elections, with nearly 1.5 million voters all across Kenya taking part in the pilot programme.

Weak ID, Crime and the Economics of the Agricultural Sector

Editorial: Tamper-proof ID an idea worth trying (The Daily News - New York)
U.S. Sen. Charles Schumer summed up nicely a little over a week ago what many farmers have been saying for years: Farmers need better tools for checking the identification of their workers.

Sen. Schumer was speaking in response to questions about the Oct. 30 stabbing death of Kathleen Byham in a store parking lot in Albion. The man charged with her death, Luis A.Rodriguez-Flamenco, confessed to killing her, offering no explanation for his action. Rodriguez-Flamenco, it turned out, is not only an illegal immigrant. He had been accused of committing another crime, but gave police a false name and was granted bail. He also turned out to be wanted in the state of Georgia for violating probation. He was able to evade the authorities for so long because immigration policies in this country have flaws big enough to drive harvesting machines through.
Earlier post along similar lines:
USA: Georgia Agricultural Commissioner and San Francisco County Clerk agree: Biometrics Make ID Stronger

Face Recognition, Face Detection and Marketing

The New York Times takes a look at the marketing world's embrace of technologies that attempt to discern audience demographics to target advertising. It gets many important things right:
♦ Face detection to determine demographics is not face recognition for identification
♦ Anonymity is different than privacy
♦ Not all applications are created equal

The article, in general, is so solid that one could be forgiven for overlooking the clich├ęd yet obligatory Minority Report reference in in first sentence. [Was there even any face rec. in MR, at all?]

Face Recognition Makes the Leap From Sci-Fi (New York Times)
As SceneTap suggests, techniques like facial detection, which perceives human faces but does not identify specific individuals, and facial recognition, which does identify individuals, are poised to become the next big thing for personalized marketing and smart phones. That is great news for companies that want to tailor services to customers, and not so great news for people who cherish their privacy. The spread of such technology — essentially, the democratization of surveillance — may herald the end of anonymity.

And this technology is spreading. Immersive Labs, a company in Manhattan, has developed software for digital billboards using cameras to gauge the age range, sex and attention level of a passer-by. The smart signs, scheduled to roll out this month in Los Angeles, San Francisco and New York, deliver ads based on consumers’ demographics. In other words, the system is smart enough to display, say, a Gillette ad to a male passer-by rather than an ad for Tampax.

Saturday, November 12, 2011

Taliban, Afghanistan-Pakistan border & SEEK

The Taliban Got the Biometric Border Blues (Strategy Page)
Pakistan, under pressure from the United States and Afghanistan, has agreed to resume using biometric (fingerprinting, photos and iris scans) of people using the roads between Pakistan and Afghanistan. The equipment for this was installed at border posts near Quetta (the capital of Baluchistan province, which forms Afghanistan's southern border) five years ago. But after a few days, thousands of armed, and angry, tribesmen forced the border posts to shut down until they got rid of the biometric gear. The Taliban, and drug gangs, knew that this biometric stuff was being used with great success in Afghanistan to identify and track Islamic radicals and all sorts of criminals.
Much more at the link.
If, in addition to biometrics, you're interested in worldwide military affairs, it's hard to beat Strategy Page.

Friday, November 11, 2011

Biometrics Exonerate as well as Convict

Man jailed for strip club shooting sues DeKalb (ed. Removed broken link to The Atlanta Journal-Constitution)
At the exact moment Terry Stephenson was shot outside Pin Ups on East Ponce de Leon Avenue, Celestin and Nichols were one mile away at Atlanta Kitchen, where both men worked at the time. The proof was irrefutable, as employers of the food service equipment company had to sign in using a biometric time clock that required a hand print.
Shifting gears: for now, judges are reluctant to allow face recognition analysis as evidence. Based upon some of the phone calls we receive, defense attorneys are very interested in the technology.

El Paso Border Crossing: "Improving to Keep You Moving"

Like "Trusted Traveler" for foot traffic.

U.S. Customs and Border Protection launches pilot system designed to speed bridge crossings (Las Cruces Sun-News)

Commerce With a Conscience: Biometric ATM for the Illiterate

6 Philanthropic Innovations From the Most Unexpected Sources (Mashable)
6. The Pillar ATM

Cash register manufacturer NCR Corp. is rethinking the ATM for illiterate and semi-illiterate populations. Its new money machine — a waist-high, free standing pillar — features a fingerprint biometric sensor, preset cash buttons, a cash dispenser and a receipt printer.
Why it’s unexpected: Where is it written that an ATM needs to have a screen and buttons? Rethinking a device with such a conventional construct takes a lot of thinking outside the box.
The other five are cool, too. Solar Bottle Bulb (#2) is truly ingenious.

India: Gender Minorities Need, Fear UID

Gender minorities: UID makes them unique target (DNA India)
Members of sexual minorities, who are in desperate need for identity proof as it is a necessity for something as simple as buying a SIM card, are unsure if they should welcome the Aadhaar. Recounting the examination that she had to put herself through to secure a passport, Veena said: “It took me one year and two months to get my passport. At the passport office, the official questioned me for more than an hour. At the hospital, I was stripped, my organs scanned and photographed. At the police station, too, I had to answer many uncomfortable questions.” Authorities even asked her why she needed a passport and if she would misuse it.

Manjesh said that sexual minorities have to work hard to prove their identity and show that the certificates were genuine. “Securing my father's property was difficult. People beat me up and accuse me of stealing someone else's documents,” he said. “I have been unable to get the benefits that are given to disabled people even though I am eligible for it because of the gender and identity issue,” another member said.
Background: India's Transgendered - The Hijras

We say it all the time here: Identity management is about people. A functional Identity Management system must catalog enough descriptors of each individual to preclude confusion among individuals, enabling one type of discrimination (discernment). But some traits useful for identity management might also be used to discriminate in ways that have no basis in law or place in a society that seeks to unleash the talents of all its members.

At its core, India's Aadhar is an attempt at modernization. It seeks to modernize the way the government administers the services it provides (welfare, etc.); it seeks to provide its citizens with modern mechanisms for acting within a globalized, interconnected world (banking, telecom, etc.). It also seeks to endow each of its citizens with a legally meaningful personhood, allowing each individual to enter into contracts, vote and more fully exercise their basic rights. Biometric technologies have lowered the costs to India and other countries of developing an Identity Management infrastructure, something without which no democratic nation-state can fulfill its responsibilities to its citizens.

In striving to attain the more explicit goals behind Aadhar, India is also forced to examine anew aspects of its ancient culture within the context of rapid modernization. This is far more than a technical challenge. The subject of caste came up early (how couldn't it?) and it was included in the information the Census collected on each individual. Gender identity, routinely included in identity management systems, presents a similar non-technical challenge.

With each potential identity management detail, there are three choices: Exclude collection; Include collection to establish individual identity and allow group discrimination (i.e. voting age); Include collection to establish individual identity but prohibit group discrimination (i.e. eye color). Each decision begs other questions. Answering those questions has serious societal consequences. Then again, so does not asking the questions. Despite the technical wonder of biometrics and organizational challenge of identity management, this is the hard work of Aadhar and modernization. If was easy, everyone would have done it.

Biometrics help UK detect (more) Sri Lankan Visa fraudsters

UK visa applicants arrested for identity fraud (Daily Mirror - Sri Lanka)
The UK Border Agency uncovered this deception because it takes biometric data from customers as an integral part of the visa application process.
Earlier post from August in its entirety...

Biometrics bust Sri Lankan fraudsters applying for UK visas

UK visa applicants arrested (Daily Mirror - Sri Lanka)
The UK Border Agency uncovered this deception because it takes biometric data from customers as an integral part of the visa application process.

Germany to sue Facebook over face recognition. Facebook to make all sharing privacy settings 'opt-in'

Facebook faces legal action from a German data protection watchdog (thinq_)
"This requires storing a comprehensive database of the biometric features of all users," the organisation wrote. "Facebook has introduced this feature in Europe, without informing the user and without obtaining the required consent. Unequivocal consent of the parties is required by both European and national data protection law."
In other news:

Facebook to make all sharing privacy settings 'opt-in' (ZDNet)
The settlement would require the world’s largest social network, with over 800 million users worldwide, to “express affirmative consent” if it makes “material retroactive changes”, the Wall Street Journal reports. The settlement dates back to an FTC investigation to December 2009, when Facebook radically changed its privacy settings. The changes, at the time, made parts of users’ Facebook pages, such as profile picture and other personal information from birthdays to friends’ lists public.

Thursday, November 10, 2011

Busting the myths against Aadhaar, the Indian UID project

♦ Myth No. 1: Giving Biometrics for purpose of UID will result in loss of Private data
♦ Myth No. 2: UID project is too costly for the nation
♦ Myth No. 3: De-duplication using Biometrics may fail due to illegible finger prints
♦ Myth No. 4: Cyber criminals may misuse UID Database
♦ Myth No. 5: Anyone can get enrolled for UID using fake documents

Read the whole thing. (Kerala IT News)

Biometrics and Interoperability Combine to Shrink the Market for Stolen Passports

Curbing passport abuses (Asia One News)
The theft and sale of Malaysian passports could end soon when Kuala Lumpur signs in to a global system for e-passport validation, which enables other countries to read details, such as fingerprints, in the chip embedded in the passport.

Black market sales of Malaysian passports are a thriving business as citizens of countries with dubious reputations pay good money to enjoy the same treatment Malaysians get at entry points.

Government sources said while Malaysia's e-passports were embedded with a smart chip, other countries could not access the database or read the details.

However, by being a part of the International Civil Aviation Organisation's Public Key Directory, Malaysian passports would benefit from interoperability with border controls of at least 75 nations.

Interoperability refers to the ability of a system to work with other systems.
I like that this article puts Interoperability on an equal footing with Technology. Identity management is about people. An efficient and successful ID management system depends upon good information, good technology and good relationships between those who create (and vouch for) an identity document and those who accept the ID document as valid.

Protecting Biometrics on ID Documents

Spotlight on Entrust, its CEO and how they fit in to secure ID.
Putting a face and a fingerprint to a name (Daily Herald, Provo, UT)
"We put a digital signature into the chip or the magnetic strip," Conner said in his Dallas headquarters office. "We encrypt and digitally sign all of the personal information that you provide so that it can't be tampered with."

The same is true for more than half of the passports issued by governments around the world.

Passports in six European countries and Malaysia have added biometric photos and fingerprints embedded by Entrust to foil counterfeiters. Saudi Arabia, Qatar and the United Arab Emirates use its encryption for their national identity cards, some with biometrics.

But the piece de resistance is an all-in-one smart card developed for Interpol so that its law enforcers can move seamlessly from one country to the next, get inside any of its worldwide facilities and securely hook up at even the most insecure public Internet kiosk or cafe.

Biometrics Enables Rapid Identification of Convicted Sex Offender

Sex offender caught entering country (Las Cruces Sun-News)
Both subjects were transported to the Ysleta Border Patrol Processing Center and upon entering their biographical and biometric information into the Integrated Automated Identification System (IAFIS), it was revealed that subject Alvarez Sanchez had a prior conviction for the offense of Criminal Sexual Contact of a Minor.
Additional reporting at Mas Noticias.

India: Four Ways Forward for UIDAI and Home Ministry

4 options before Cabinet to resolve UIDAI enrolment (Hindustan Times)
This issue remained unresolved at a meeting of a finance ministry committee, which restricted UIDAIs enrollment to 200 million people by March 2012, and left the final decision for the Cabinet.

Now, the plan panel has prepared a note for the Cabinets consideration with four options ---- amendment of the law to allow the commissioner and UIDAI to enroll, stop UIDAI from enrollment beyond 200 million, allow only commissioner to enroll and allow commissioner plus other government agencies such as banks to enroll.

But, the plan panel believes that allowing only the commissioner to enroll would delay linking government welfare schemes with unique identification (UID) or Aadhaar numbers.
Click here for much more on the Indian ID project.

Wednesday, November 9, 2011

Poland: Biometrics in Law and Forensic Science Conference

This looks interesting:

1st International Forensic Technology CrimeLab Fair, University of Warsaw Faculty of Law and Administration

The conference aims to present and summarise the actual knowledge on legal and forensic applications of biometrics in Polish and international law. The conference shall draw attention to important theoretical and practical issues associated with standardisation and development of technologies related to biometrics, and also indicate the key risks associated with their application.

Leading themes
♦ Biometrics in Polish and international law;
♦ Forensic identification vs. biometric technologies;
♦ Threats connected with biometric technology application;
♦ Biometric data security;
♦ Standardisation in forensic science.

Polish organizations certainly seem to be taking an active role in developing and deploying biometric technologies.

Fingerprinting strippers just the start

Mike Strobel welcomes our biometric future.

Biometrics are just a high-tech means to our eternal quest — stop the bad guys (Toronto Sun)
Which would you prefer? A fingerprint reader and a face recognition screen? Or a big, hairy guy named Burt patting you down?

Voice Biometrics and Large-Scale Deployment Challenges

The article deals with voice biometrics integration but many of the points made in the article apply to facial recognition as well. There's a real difference between finger and iris deployments where the user, by interacting closely with the biometric sensor, takes a lot of chaos out of the environment, and face and voice applications where the software must make sense of a more "real world" i.e. chaotic environment.

Real skill is required in order to deploy a system that can account for users that only occasionally interact with these systems and then do so from any number of environments. There's a real art to deployments where the biometric identification involves non-habituated users in a non-standard environment.

Tips for a Successful Voice Biometrics Deployment (Speech Technology)
Naturally, all deployments are different. This holds true for almost all software. It becomes unique once it becomes part of a bigger ecosystem, call centers particularly, and voice biometrics especially. Voice biometrics has to be carefully tailored. The voiceprints that make up the core of its authentication processes are heavily shaped by the regionalisms and demographics of the end user base, as well as modality. A company that receives calls mostly from Texans who are 65 and older would have to be tuned very differently from an organization that gets mobile app hits from California businessmen and women.

Selecting a vendor marks the beginning of a long conversation and process. To build a successful voice biometrics deployment, a company must know who its customers are, what its business value is, and how its information is secured. Therefore, it is critical that all appropriate stakeholders be part of the conversation.
The author, Eric Barkin, brings plenty of insight into the security, organizational planning and technical integration of voice biometrics — insight that applies to meeting other business challenges, as well.

h/t @voicevault

Tuesday, November 8, 2011

The business of time: Selling time machines

PhillyBurbs.com has a nice profile on time-keeping and biometric time-and-attendance entrepreneur, Michael Hoover.

Those time clocks that punched paper cards are such a thing of the past (phillyBurbs.com)
Biometric readers, machines that read finger or palm prints, make up about 75 percent of the hardware the company sells. The systems eliminate fraud and "buddy punches," in which employees clock in for friends who aren't really working, Hoover said.

"Time and labor management (as an industry) is narrow," he said. "But it's very deep in sophistication of payrolls and schedules."

Poland: Banks, Biometrics, Smartphones & Mobile Commerce

Poland's banking market adjusting to innovative technologies (Warsaw Business Journal)
Experts at the 2nd annual Warsaw International Banking Summit, held in late October, generally agreed that Poland is moving in the right direction, and is one of the leaders in biometrics and mobile payments in Europe. However, it remains unclear which type of companies can take the lead, whether it will be banks, tech giants, payment firms or mobile operators.

Moreover, it is still not completely clear which applications and technologies customers will take to.
Lots of good stuff at the link.

South Africa: Banks getting access to Government fingerprint verification system

Bank security at the fingertips (Independent Online - S. Africa)
Identity theft and an increase in fraud have led to the South African Banking Risk Information Centre (Sabric) getting access to the Department of Home Affairs fingerprint verification system.

Bank clients will have to have their thumb prints scanned and produce their identity documents for any transactions.
The system, known as Hanis (Home Affairs National Identification System), contains citizens’ ID numbers, fingerprints and photographs, allowing banks to do on-the-spot identity verification that can be checked against the ID produced by a client.

Senior researcher Charles Gorendema, of the Institute for Security Studies’ organised crime and money laundering unit, said the initiative would reduce crimes committed in banks by people who presented false identity documents.

But he warned that it would not be a panacea for identity theft and fraud because some crimes were committed electronically, when criminals did not need to appear in person.
This seems like an extremely big deal to me. If this story is accurate an industry group, Sabric, will have direct access to the government's biometric identity management database. I'm not aware of something like this having been done before.

More here:
Banks, home affairs team up to battle identity theft (Business Day)

Dishonesty detectors: Flawed technology?

We've been generally skeptical of applied behavioral biometrics (and biostatistics) in security applications. The author of the linked article, in the quoted text below nails the reason we're unlikely to see these technologies deployed for a very long time. It's a variation on the Return on Investment argument for adopting a given security solution.

Who knows what evil lurks in the hearts of men? (Smart Planet)
Even if we put aside reservations about self-reported scores on trials under unspecified conditions and grant that FAST is a technology in its infancy, that track record doesn’t inspire confidence. No one should be satisfied with a screening method that lets through more than one out of every five would-be plane bombers. Far more annoying, however, is that we don’t know exactly what the rates of false positives and false negatives were. A system that missed 20 percent of the terrorists in an airport would be bad but terrorists are rare, so disastrous mistakes would be few. But a system that snared 20 percent of innocent travelers as terrorist suspects would destroy air travel overnight.
Even while extending the author's benefit of the doubt, for airports especially the (negative) return on investment would be crippling.

In order to see how, let's imagine a system integrator's dream deployment and then see how that environment differs from an airport.

A system like this would detect all sorts of biostatistics and then compare them to some "normal" value, allow for a tolerance and then alert administrators if something is out of a certain range. If someone wanted to deploy a system like this and give it the best possible chance of success, it would make sense to seek out an environment where "normal" is a very narrow range, rather than a very wide range. The test designer would naturally gravitate toward a test environment where the test subjects make up a homogeneous group, a place where there is cultural uniformity, narrow age differences, low novelty, etc. If I'm the tester, I'm thinking prison first, then military base.

Now airports, by their very nature serve people of all ages from all over the world in various mental, physical and emotional states, not smooth sailing for testing sensitive equipment or training TSA staff to make judgments on small fluctuations of observed data. In airport use, either the error rates have to be very small, or the biostatistic examination would serve as only a small factor in security decision making.

Removing our benefit of the doubt by hypothesizing that those most likely to want to bring harm to global commerce and air travel might undertake training to control their biostatistics and subvert the security they afford, I'm guessing that airports will be one of the last places to adopt such a system. It'll be too costly in all sorts of ways for too little return.

See also:
Security: Biometrics vs. Biostatistics (Sept. 15, 2011)
Behavioral Biometrics or Public Lie Detectors? (Sept. 23, 2010)
Mal-intent may be the future of security (June 1, 2010)

Monday, November 7, 2011

UIDAI to Agencies: Don't Turn Away the Printless

Turn away residents and face the music: UIDAI tells agencies (Hindustan Times)
“Under Aadhaar, there is no provision to turn away residents, who come to get themselves enrolled, and the quality of their biometrics can’t be decided by the operators on their own. A violation will attract action,” Sujata Chaturvedi, deputy director general of UIDAI, said in a letter to HT.
Given the fact that not everyone has hands, much less fingerprints, this is not a new issue.

See also this article on how UID works with poor quality fingerprints.

Malta: €1 Million Attendance system to crack down on public service absenteeism

Skiving off work in the public service is soon to become far more difficult (Malta Independent)

India: Nurturing the Aadhaar ecosystem

Read the whole thing for some of the technical approach that makes UID unique (platform vs. product, perception of permanence, etc.) as well as some of the bureaucratic attributes (openness, security and stability) that should help it sustain its legitimacy over the long term.

Uncertainties surrounding UIDAI should be removed; otherwise applications of the project will suffer (Live Mint)
The first year of its rollout has been a triumph for the UID Authority of India (UIDAI) and its administrators. Over 100 million (10 crore) residents have been enrolled, 63 million people have received their identity numbers, and enrolments have hit their target rate of one million/day. This makes Aadhaar one of the most rapidly adopted technologies in history, and the fastest government technology rollout anywhere.

Nigeria: Biometrics Brought in to Detect Ghost Workers. Staff Destroys Equipment.

Major shake-up looms in Abia local government system (next)
"You are part and parcel of the problem we have in the local government system.

"We decided to clean up the system to detect ghost workers, but you fought the people we brought and destroyed their biometric machines," he had said

Orji also said that the State House of Assembly had already intervened in the matter, stressing that the state government would implement whatever recommendation made by the legislators on the matter.

Sunday, November 6, 2011

Scandal in UK Border Bureaucracy

Hundreds of thousands of people are believed to have entered the UK without crucial anti-terrorist vetting (Mirror)
Four months ago her office began a pilot scheme which meant people from within the EU could be ­allowed into the UK without the usual stringent checks.

The aim was to ­reduce long queues at Heathrow and ­Calais. Then Mr ­Clark reportedly ­extended the ­reduction in ­security – without ­ministers knowing – to ­people from ­outside the EU.

Inquiry after border checks dropped (The Guardian)
The Home Office would not discuss the circumstances of the changes to border checks, but reports suggested border guards were told this summer not to bother checking biometric chips on the passports of citizens from outside the EU to ensure they are not fraudsters. The guards were also instructed not to bother checking fingerprints and other personal details against a Home Office database of terror suspects and illegal immigrants, it is claimed.

UK Border Agency hit by fresh 'bribes for visas' scandal (The Telegraph)
Scotland Yard says a high-level employee, whose job was to vet thousands of visa applications from Africa, accepted bribes for allowing Nigerians to enter the country illegally.

Saturday, November 5, 2011

Jobs in Biometrics

A reader recently made me aware of job listing aggreagator jooble.com.

Here's a link to their Biometrics job listings for the United States.

There's also a ton of opportunity in India.

Brazil, too.

Friday, November 4, 2011

India: UIDAI to Provide Only Aadhaar Numbers

The Nandan Nilekani-led UIDAI wanted to issue Aadhaar cards instead of the laminated letter mentioning the UID number (Moneylife.in)
The Unique Identification Authority of India (UIDAI), which is on a high for tagging residents under its ambitious unique ID (UID) project Aadhaar, has been compelled to stick with its mandate and not venture out of its marked territory. The UIDAI, led by Nandan Nilekani, has cancelled its tender for printing of Aadhaar cards within a month of issuing it, without giving any reason.
More on bureaucratic maneuvering and privacy at the link.

h/t @m2sys

Kosovo: Biometric Passports & Visa-Free Travel

One Hurdle Down, Many More to Go (Turkish Weekly)
Kosovo started to deliver its biometric passports on Monday (October 31st), fulfilling one of the more important criteria for visa liberialisation with the EU. Prime Minister Hashim Thaci hailed it as a "big step".

"It is a document that equalises the citizens of the Republic of Kosovo with those of the EU," Thaci said at a ceremony during which the first biometric passports were handed over. He dubbed the occasion "Day of European Kosovo".
The West recognized Kosovo's independence in February, 2008.

The above linked article does a good job of outlining just what it takes for a new state to get up to speed with established states. Biometric ID management and developing the ability to share information effectively within bi-lateral and multilateral agreements are very important to the process.

India: Globalization, Outsourcing and Data Privacy

India leads the world in supplying outsources services. The industry is worth $47 billion to the Indian economy accounting for some 3.5% of GDP. [Source] The outsourcing firms handle financial and medical information as well as the intellectual property of their customer firms.

India's outsourcing industry breathes a sigh of relief as the government exempts it from strict new data protection rules (CIO.co.uk)
The data privacy rules, issued in April, require companies or their intermediaries to get written consent from individuals about the use of the sensitive personal information they collect. But it would have been very difficult for Indian outsourcers to operate if they had to get written consent from every foreign citizen whose personal data moves through India's vast collection of call centres and other outsourcing operations. India's Ministry of Communications and Information Technology issued a clarification saying the new rules apply only to Indian companies that collect information from individuals.
Given the size of the industry and the sensitivity of the information it handles, it makes sense that the issue of liability for breaches of privacy is a big concern. An Indian outsourcing firm can't operate if it has to get consent from each individual data source. Consent is necessary for the protection of privacy and consent should be obtained at the point where it is most efficient to obtain it — at the point of contact with the individual — i.e. the forms we all sign before receiving services.

Indian firms should know that if they fail to protect the information they work with, they will simply make India the world capital of data theft. The outsourcing industry will not survive with that reputation.

Indian outsourcers have more to fear from their customer firms and global competition than the Indian privacy laws. They should be (and hopefully are) proactively adopting data security measures including logical access control biometrics in order to maintain the competitive advantage they have built over the last 20 years.

Ukrainian government developing new bill on biometric passports

Ukrainian Prime Minister Mykola Azarov: Cabinet of Ministers is developing a new bill (Kyiv Post)
The prime minister noted that the president vetoed the law for very specific reasons. "Of course he is not against the introduction of biometric passports, but at the time when this law was passed by MPs, it was a typical lobbying law. Therefore the president vetoed it," Azarov said.
Earlier posts on the Ukrainian biometric passport:
Ukrainian President Viktor Yanukovych Vetoes Biometric Passport Law (October 21, 2011)
Ukraine: Group of Parliamentary Deputies Request Veto of Biometric Passport Law (October 10, 2011)
Ukraine: Biometric Passports & Visa-Free EU Travel on the Horizon (October 1, 2011)

West Virginia's Two Senators Tout the State's Biometrics Industry

Biometrics Industry Continues to Advance (WDTV News)
Video at the link.

Senators: Biometrics Industry Key to State’s Economic Future (The State Journal - West Virginia)

Sen. Jay Rockefeller:
"More and more, biometric companies from around the nation — and from all around the globe — are coming to West Virginia to do business," Rockefeller said. "West Virginia is a place where innovation and ingenuity, combined with a workforce that's second-to-none, are fueling economic growth."
Sen. Joe Manchin
"We're one of the best-kept secrets in the industry, but our little state is well-prepared and positioned as a national hub and a leader in the biometrics sector," Manchin said. "The word is definitely getting out—West Virginia is open for business and it's a great place to do business. I am certain that the biometrics industry will continue to look to our state as a partner in future ventures."

Thursday, November 3, 2011

Privacy by Design, Competition & Anonymity

On occasion, Privacy Commissioners, even Canadian ones, have come in for a fair measure of criticism here. It is therefore only proper to draw attention to a Privacy Commissioner that has distinguished herself from her peers by repeatedly demonstrating an understanding of technology, democracy, individual rights, law and a habit of thinking through how these forces interact with each other.

Champion of Privacy by Design hails 'year of the engineer' (The Register - UK)

Ann Cavoukian is Privacy Commissioner of Ontario (earlier mentions here and here). Click through to see her responses to:

♦ Tell us more about Privacy by Design.

♦ Do you find by mandating that certain protections or practices are followed in your province, it ultimately means those practices are going to be followed universally?

♦ In a nutshell, what is Privacy by Design? Is it a set of programming interfaces, is it a concept, practices?

♦ Can you give me an example of Privacy by Design in action?

♦ Privacy for users of smart grids, too.

♦ Do you see there being a market for companies to use privacy as a competitive advantage? Can companies use privacy as a feature to compete?

♦ We've heard regulators in Europe talk a bit about the right to be forgotten. Is that something you also advocate?

♦ 'The problem with anonymity' What do you think about anonymity. Should people have the right to be anonymous on the internet, for instance?

♦ What common misconceptions do you see people who are building websites or designing software or hardware have? Do they have common misconceptions about how to ensure privacy, or what privacy even is?

♦ How do you think the Do Not Track initiative spearheaded by the FTC, is going so far?

I maintain that "Privacy Commissioner" is a very strange job title for a government official in a democracy. That subject, however, deserves its own, very long chapter. Nevertheless, if you're going to have a Privacy Commissioner, Ms. Cavoukian is a good role model.

Privacy by Design has come in for a brief mention on this blog here.

Wednesday, November 2, 2011

Aadhaar Gains Momentum, 20 Million Enrollments in October

Aadhaar gains momentum, clocks two crores in October (Economic Times)
The Unique Identification Authority (UID), the UPA's ambitious project, has generated two crore national unique identity numbers in October alone. It aims to roll out Aadhaar-based applications for improved service delivery that will ensure the poor enjoy the benefits of welfare schemes.

UIDAI has generated 59.6 million crore Aadhaar numbers within a little more than a year, and more than 100 million citizens have been enrolled in the system across the country.

"In another major milestone, UID Authority has generated two crore Aadhaar numbers in October," said an official statement.
Plus an update on the duplication controversy with the census.

Crore = 10,000,000

Motorola Atrix 2 Has No Fingerprint Reader

Nooooooo! (itBusiness.ca)
The company removed the biometric fingerprint scanner, as well; when I asked a Motorola representative about this at CTIA, the rep said that it wasn't a widely used feature.
Two days after gushing about the possibilities offered by a fingerprint reader on an Android smartphone, we learn that Motorola has removed the fingerprint reader from the Atrix 2. Needless to say, I'm disappointed.

The sensor couldn't have been a widely used feature until developers had time to write software using it, which they certainly would have done if only a manufacturer such as Motorola had shown a commitment to making the hardware available. Any developer that had written software for it just had the chair pulled out from under them, and those who were looking forward to the opportunity can now focus their attention elsewhere.

Mobile hardware is a tricky business. There is a tension between the market signals from the "make 'em cheaper" vs the "make 'em more secure" crowd. It's unfortunate for the "make 'em more secure" crowd that they lost an opportunity to vote with their wallets.

What Human Resource Managers Can Learn from the President of Guinea's Move to Eliminate Ghost Workers

Guinea President Announces Plan to Clean up Military, Pensions (Africasia.com link inactive)
Guinea's military has been a strong destabilising force since independence, with many leaders achieving power by coups until the nation's first democratic elections in November 2010, won by Conde.

His first task has been to reform the defense sector, and an army which the International Institute of Strategic Studies estimated in 2010 has some 12,300 troops.

"This is not a witchhunt, but we need a change in mindset, which is difficult. All Guineans are set in ways which are not conducive to good governance," said Conde.

He has raised the grade of the retiring officers to improve their retirement benefits, and said his government was carrying out a biometric census in government to do away with ghost employees and other irregularities.
This article is yet another in a long litany of stories about using biometrics to get rid of ghost workers. But this article is interesting in that it hints at an often overlooked managerial tactic for realizing the benefits of strengthened identity management systems.

An organization only has so much money to reward employees. To the degree that those resources are diverted to non-productive ends (i.e. ghost workers) there is less available to compensate those who serve productive organizational ends.

From a management perspective, it's easy to see how demoralizing this could be to those who simply wish to work hard in service to their country for fair compensation.

The president of Guinea, has made an astute management decision in this case. He has raised the retirement benefits of legitimate workers at the same time he has set out to eliminate ghost workers.

Adopting more efficient ID management systems creates winners and losers. In this case the losers are those who receive the ghost workers' salaries. While these individuals aren't necessarily sympathetic characters, they aren't necessarily powerless, either. By sharing the financial benefits of of better ID management with legitimate workers, the president of Guinea has created an "army" of organizational allies as he attempts to change the finances and culture of the military.

This has applicability to the corporate world and time-and-attendance biometrics, as well.

Farm of the Week: Producer clocks in with IT system to control costs
"It might sound hard, but more accuracy means more fairness, for both staff and customers," says Mr Machin. "Thirty percent of our costs are labour. The more we pin costs down, the more choice we have about how to distribute rewards. [Emphasis mine] And the better we get at pricing our produce, the more customers we bring in."
In order to achieve top to bottom buy-in, a manager should consider distributing the benefits associated with better identity management techniques among shareholders, managers and workers.

A bonus for on-time attendance (for example) might raise the morale of workers who were always on time, while offering some consolation to those who saw their ability to milk the system reduced.

A spoonful of sugar helps the medicine go down.

Unisys: Majority of Americans Willing to Provide Biometrics for Air Travel and Financial Transactions

Unisys Security Index (Press Release: Yahoo)
The Unisys study also revealed that more than half of surveyed Americans are willing to provide biometric data to secure their identities. This includes a willingness to provide biometric data at security checkpoints at airports (59.6 percent); when conducting financial transactions with banking institutions (56.9 percent); and when receiving government benefits or other services (53.0 percent). Still, only 21.3 percent were willing to give their biometric data to social media sites, suggesting a perception that either these entities were less careful with their data, or that the risk was simply not worth the reward.

Tuesday, November 1, 2011

Intel to acquire Invision Biometrics for $50 million

Intel (NASDAQ:INTC) Buying Biometrics Company (stocksandshares.tv)
The company is in advanced talks to buy the Biometrics applications which can detect face and body movements and translate them to on-screen game moves to challenge Microsoft’s Kinetic technology.
The firm is Israeli hands-free 3D sensor developer Invision Biometrics.
Market for biometric security at $6b in 2012 (zawya.com)
In fact, recent figures from Wintergreen Research indicate that the global market for biometric security equipment, i.e. biometric government identification program, law enforcement, and commercial fingerprint equipment, is expected to be worth $6 billion by 2012.