Monday, October 31, 2011

The Oldest Identity Management Technology Struggles to Cope

Names failing women in South India
Aadhar should have names of father, husband for women: Ex-CEC (moneycontrol.com)
Gopalaswami said south Indians, especially women, had problems in getting their surnames right in the supporting documents like PAN cards, passports and voters identity card.
It's not obvious to me how much the issue presented in the article matters in India's biometric ID management scheme, but I assume he knows his own job.

But it is interesting to note that, as the world population approaches an increasingly connected 7 billion people, an identity management technology that has been with humans (probably) since pre-history — the name as a unique identifier — though still as good as ever in a great many applications, is having a hard time coping with globalization and very large states.

Mobile Handset Review: Motorola Atrix 4G (The One with a Fingerprint Reader)

Motorola Atrix 4G review (Engadget.com)
Like most slate phones, the front of the device is nearly all screen, save for the familiar Android buttons along the bottom, and the front-facing camera and earpiece up top. Along the top rear of the phone is a power / sleep button which just happens to be a fingerprint scanner too, and the 3.5mm headphone jack. Along the right side of the phone is the volume rocker (easily accessible with your thumb during calls if you're right handed). On the left side you'll find the Micro USB and HDMI ports. Around back, the stylishly patterned casing is broken by the 5 megapixel camera with LED flash, and a speaker along the bottom of the phone.

As far as truly unique hardware goes, the fingerprint scanner seems fairly novel -- but in practice it's a little frustrating. It does work as advertised, but being told to re-swipe your finger if it doesn't take when you're trying to get into the phone quickly can be a little bothersome. Unless you really need the high security, a standard passcode will suffice for most people.

Fingerprint scanner quibbles aside, the Atrix 4G is one of the better looking Android devices we've had a chance to use. We would have liked to see higher quality materials in play here, but despite the housing, the phone comes off as both sleek and rugged -- a great combo for something that will likely be doing double (if not triple) duty in your connected world. From an industrial design standpoint, this device more than holds its own against the the best of the best on the market right now.
Image Source: Motorola


A few observations and a caveat:

Caveat: I've never held one of these devices. I'm just going by what's in the quoted section of the article linked above and what I can infer from the picture.

♦ The fingerprint reader is at the top-center of the back of the device. This seems like a good choice, extending the possibility that both right-handed and left-handed people could use the sensor conveniently using the device as a phone.
♦ It's a swipe fingerprint sensor, as opposed to a static fingerprint sensor. Swipe sensors require far less real-estate than static ones but they also require more user training.
♦ The sensor seems to be in an "alley" that should help the user find it without looking at the device and guide the finger across the sensor, making it easier to use.
♦ The sensor is also the power button, so the Motorola folks didn't just jam a fingerprint reader into some random spot, they gave it a place of honor.

All in all, it's hard not to get excited about the possibilities offered by manufacturers incorporating biometrics into mobile platforms. Motorola appears to have opened the door to these possibilities in a thoughtful and meaningful way. Given the amount of information in our pockets nowadays, it seems likely that this is only the beginning for consumer mobile biometrics.

Malaysia: In-flight Biometric Immigration Checks

This is a great idea. Well done, Malaysia.

Malaysian govt to introduce in-flight immigration checks (The Star - Malaysia)

In my experience, standing around waiting to show your passport is the most time-consuming part of the process of arriving in a country. The vast majority of the time, the bags are on the carousel before the passengers are there to meet them.

Friday, October 28, 2011

Friday Biometrics Newsapalooza

It's busy day for biometrics in the news.

11:41 am Update: U.S. International Trade Commission Finds Multiple Patent Infringement by Suprema and Mentalix, Issues Exclusion Order and Cease and Desist Order - The Secugen folks are probably encouraged by this news.

Nigeria: 'Come Today, Come Tomorrow' - The biometric ID management system, adopted by the government and made necessary by astounding levels of corruption, is very burdensome on legitimate pensioners.

Sierra Leone: Electoral Commission Pays Courtesy Visit to ECOWAS Commission
The electoral Commission had asked for ECOWAS [ed: Economic Community Of West African States] logistical support and sponsorship of some of its activities, particularly in the use of biometric technology for the elections in order to reduce multiple voting. She assured the ECOWAS Commission Vice-President that efforts were underway in to improve security in the country in order to ensure that the elections were peaceful and free of any incident.
India: Comptroller and Auditor General to examine rural development schemes
"My philosophy is be liberal in funding rural development but be ruthless in demanding accountability and transparency. So, all the state governments will find that I will be proactive in supporting them, but I will also insist on the highest standards of accountability and transparency," he added.
Noble County to have first iris scan in Indiana
Noble County Sheriff Doug Harp announced Thursday that his department will become the first agency in Indiana to use information from the human iris to fight crime and track sex offenders.
Fingerprint Time & Attendance: 4 Benefits that Save Money for Businesses

New Zealand: Immigration biometrics for all applicants
"Biometrics provides better tools which allow Immigration to confirm an individual's identity and protect New Zealand's border."
Israeli justice officials release details in database case - No assertion that biometric data was stolen.

Thursday, October 27, 2011

Dubai UAE: Fingerprints needed for Schengen visa

German Consulate in Dubai to introduce biometrics (GulfNews.com)
The German Consulate in Dubai will soon make biometrics, or fingerprinting, mandatory for all Schengen visa applicants, XPRESS can reveal.

"The biometric data system will be introduced within the next year to bring in greater traceability," German Consul General Klaus H.D. Ranner said in an exclusive interview. "It is a response to increased security requirements. It will help check identity theft and make it difficult for people to fake passports and visas."

He said the German Consulate will be the second diplomatic mission among Schengen states to adopt this measure in the UAE.
The UAE already uses fingerprint biometrics in its national ID.

A note on Schengen:
For those as confused as I was about how to pronounce 'Schengen," this should help. Schengen is a town in Luxembourg (pop. 1500) so think German, not Chinese. It rhymes with swingin' as in "Schengen is a swingin' town." This is a mnemonic device, not necessarily a fact.

India UID Hits Stride, Census Getting Started

India’s biometric ID project Aadhaar gets 1 million new registrations daily (The Next Web)
With one million new registrations coming in every day, that database is growing at an astounding pace. The project was kicked off at the end of September last year and has since swelled to include 54 million registrations in just over a year, with the goal of hitting 200 million by the end of 2012.
The rest of the article talks about the Unique Identification Authority of India's IT and customer service as it rapidly increases its capacity.

Meanwhile...

Shortage of kits, manpower hits state NPR work (The Statesman)
Work for preparation of a National Population Register (NPR), which involves creating a biometric database and generating a Unique Identification Number (UIN) for every citizen, has been hit in the state due to inadequate supply of machine kits and scarcity of operators. While the state requires more than 3,500 machines for covering nearly 8.22 crore of its total population within December, 2012, till date it has got only 143 biometric operating machines which are in a working condition. Another 22 machines are not working at all. The authorities are also facing a shortage of operators to carry out the work. Hence, only 8.6 lakh people have been covered so far.
Note: lakh = 100,000; crore = 10,000,000

Caveats: UID has a head start. The article about UID is national in focus while the article on the NPR is local. It's possible, even likely, that one could cherry pick a location where NPR is thriving while UID isn't.

UPDATE:
Aadhaar Gains Momentum, 20 Million Enrollments in October (Economic Times - Nov. 3, 2011)

Wednesday, October 26, 2011

Adoption: Biometrics for Physical Access Control

Government drives match-on-card, new commercial uses emerge (SecureIDNews)
Governments across the globe are driving the use of biometrics, says Dave Adams, senior product marketing manager for Identity and Access Management at HID Global. India, South Africa and Brazil are looking at fingerprint technology to secure facilities. Iris is also on the radar, he adds, but not nearly as prevalent to date. Fingerprint continues to gain in popularity because of its improved accuracy and lower cost. In the past, Adams explains, biometric technology had issues. “The reality hit that you would be holding up people at the front door with false accepts and false rejects,” he says. “The technology has improved dramatically over the past decade.” Many countries are looking at what the U.S. has done with FIPS 201, trying to create a similar specification for use by their government employees, Adams says.
This long piece is chock full of biometrics for physical access control standards, applications and methods.


h/t @m2sys

How King County Washington Manages an Election

This one has only a narrow biometrics angle but elections worldwide have been generating a lot of interest. Here'e how the county containing Seattle does it.

The security setup is part “Mission: Impossible” and part common sense. (Issaquah Press)
King County Elections staffers travel in pairs to retrieve ballot packets from ballot drop boxes. Trucks must pass through a secure gate and a concertina-wire-topped chain-link fence to deliver completed ballots to the elections office.

Inside, electronic key cards and biometric controls to authenticate fingerprints limit access to ballots and processing areas. Crews transport returned packets in a separate elevator from the loading zone to the processing area. The building lacks wireless Internet access to limit possible information leaks. The office maintains a strict policy to require employees and guests to don color-coded lanyards to determine security clearance.

It's On: India Census February 9-28, 2012

Information will be fed to create population register (Deccan Herald)
Registrar-General and Census Commissioner C Chandramouli on Wednesday said the biggest-ever census attempted in the history of mankind enumerating the country’s 1.2 billion population will be conducted across 35 states and Union Territories.
India sure has been going big lately. At its size, it pretty much has to.

Local Governments and Biometrics

A lot of attention is focused on biometric deployments at the national level: visas, immigration, counter-terrorism, the FBI, etc.

Biometrics are also a hot topic at the local level where time-and-attendance systems get more attention and generate robust debate. Local discussions also tend to be very frank.

City, Pool Board consider time clocks (RGJ.com - Reno, NV)
The Fernley City Council is giving city staff 90 days to resolve any union or legal issues involving the purchasing of time clocks and accompanying software to be placed in city facilities.

By a vote of 3-1, the council approved of the purchase of the clocks and software, contingent upon union and legal issues being resolved in 90 days.
The frankness comes later in the article.

Tuesday, October 25, 2011

Perfect is the Enemy of Good

India’s vanishing fingerprints put UID in question (FIRSTPOST)

No good work whatever can be perfect, and the demand for perfection is always a sign of a misunderstanding of the ends of art.
—John Ruskin

Everybody knows that there's nothing perfect in this world, yet plenty that is imperfect also happens to be very useful.

Identity management is conducted by people to account for people. With human beings on both sides of that equation, what rational creature would expect, require, or even dare to hope for perfection?

Is using a name to identify a person perfect?
Some people can't speak. Some people can't hear. Some people can't read. Some can't write. Many people share the same name.

Maybe a photo then?
Some people can't see.

Fingerprints, then?
Forget the article above, some people don't have hands, at all.

Iris?
Some people don't have eyes.

No system is perfect.

In this context, a proper understanding of Ruskin's "ends of art" is Return on Investment, not perfection.

The value of a biometric system does not lie in its perfection. It lies in its ability to help improve lives by a measure exceeding the sum of its costs.

People cope with imperfection in all aspects of their lives including identity management. Planning for exceptions to the routine ID management transaction is something all existing ID management systems already do. Biometrically enabled ID management systems are no different.


h/t @francesIDexpert

Israel Data Breach: What You Talkin' 'bout, Fast Company?

The theft of the Israeli Welfare Ministry database is being used by opponents of biometric population registers to bring attention to the potential dangers of centralized Identity Management data repositories.

This is entirely appropriate and a good thing.

Opponents of the use of biometric technologies are entitled to their point of view and entitled (even obligated) to argue for their vision of the proper use of the technology. Only by forthright and truthful dialogue can democratic societies reach consensus on matters of great importance to the fundamental rights of the individual, among which is the right to privacy.

Unfortunately, a forthright and truthful dialogue on this subject is not to be had by the readers of Fast Company in The Dark Side Of Biometrics: 9 Million Israelis' Hacked Info Hits The Web

Read carefully, the article asserts (twice!) that biometric information was stolen, though it offers no support for the assertion.
According to the ultra-Orthodox Jewish Yeshiva World News, the stolen biometric database was passed around by six separate suspects, who made copies of the records in exchange for cash.

Identity theft and petty Internet crimes being what they are, the stolen biometric information quickly made its way online. One of the secondary suspects uploaded the whole of Israel's biometric records database to the Internet under the name “Agron 2006.” A quick Google search reveals numerous torrents and uploaded copies of the database easily available for download. [bold emphasis mine, links in the original]
The story behind each link provided actually undermines the assertion made in the text of the link itself.

Click the Yeshiva World News link, the one that says "stolen biometric database", and you find absolutely no mention of an actual stolen biometric database. You will find, however, that...
The opponents to such a national database are using this latest incident to warn that if a biometric database was ever broken, the results would be far more catastrophic... In actuality, Israel is lagging behind.
There's plenty of mention of outdated identity documents, though.

Click the link that says "uploaded the whole of Israel's biometric records database" and you'll be directed to an article in which the word "biometric" does not appear at all, but you will find that...
The information included Israeli citizens' names, identification numbers, addresses, birthdates and other important dates as well as relationships between various citizens. 
This is extremely sloppy reporting at best. Whatever else it is, it is certainly counterproductive to any meaningful debate about the proper use of biometric identity management technologies.

What's going on here?

Monday, October 24, 2011

Nigeria: Corrupt Bankers, Ghost Workers & Ghost Pensioners

Though biometric ID management technologies can help dramatically increase security at very reasonable prices, all security procedures ultimately rely on a human being.

EFCC Arrests Banker Over Delta Ghost Workers (allAfrica.com)
The banker (names withheld) allegedly works with the bank which the Delta government contracted out the job of computerizing the payroll through the biometric capture exercise.

Inside sources said that suspect allegedly compromised the security features of the data system by inserting ghost workers including those of seven names of his relations.

He was picked up in Asaba last week and taken to Port Harcourt office of the EFCC for questioning.


Federal Government Set to Flush Out Ghost Workers, Pensioners (allAfrica.com)
AS part of efforts to reduce the cost of governance, Federal Government has promised weed out ghost workers from its workforce and also ensure that problems linked to pension areas and allowances are reduced to the barest minimum.

Coordinating Minister for the Economy and the Minister of Finance, Dr Ngozi Okonjo-Iweala, disclosed this while responding to questions at the Nigerian Economists Conference in Abuja, recently.

According to her, the cost of governance is very high in Nigeria when compared to the rest of the world.
...
The Minister said that several ghost workers had even graduated to ghost pensioners in government's payroll and that the biometric data capturing exercise, which the government embarked upon was designed to identify these ghost workers and ghost pensioners in the country.

Identity Management Biometrics in the Press: Two Guidelines for Non-technical Readers

The way the non-technical press deals with the subject of biometrics for identity management is very uneven, not as uneven as it used to be (thank goodness), but still a bit hit and miss.

So, how is a non-technical reader curious about the emerging technology of biometrics supposed to tell the difference?

If the author mentions Minority Report or retinal scans, watch out.

"Minority Report" probably reveals bias against the technology; "Retinal scans" may indicate a lack of familiarity (or outdated familiarity) with the subject matter.

I say "may" in the case of retina scans because they do exist but they have largely given way to iris scans when the application calls for an eye biometric. This blog post from infosecurity.com gives a flavor of what I mean. So with either a high likelihood of anti-biometrics bias or a potential lack of familiarity with the subject matter, critical reading is in order.

Neither of these are 100% but they're rules of thumb I use every day.

Biometrics, Mobile Computing & Encryption

Are Biometrics the most Important Portable Feature? (ghacks.net)
My argument is that, certainly on laptops, ultraportables and netbooks, but also and perhaps to a slightly lesser extent, tablets, smartphones and even desktops, TPM chips should now be everywhere and encryption should be simple and intuitive if not completely automatic and seamless (as it is on some new high-end hard disks). The amount of data we all have and carry around with us now is incredibly valuable, not just to us but also to others. With the prices of TPM chips at an all-time low, I really can’t see why we’re not seeing ubiquity here in the way they are implemented.
This article makes interesting and compelling points about mobile device security and how to radically increase the security of the data stored on mobile devices. This is a real issue and it's only going to become more pressing as more data is stored on more mobile devices.

When making decisions about security, individuals must determine the type of event they wish to secure themselves against. The more extreme the event, the more extreme the security precautions. More extreme security precautions are more costly: they're more expensive and they impose additional delays even upon the "good guys".

TPM architecture as described in the article is no different. It imposes manufacturing costs, slows down the computer's operation and is more subject to hardware failure. The market forces in mobile computing are telling manufacturers "make 'em cheaper and faster", not "make 'em more secure."

I predict, however, that the market segment represented by the article's author will grow.

Friday, October 21, 2011

Malaysia Expands Biometric Automated Clearance System

Immigration’s MACS goes mobile (The Star)
The MACS [ed. Malaysia Automated Clearance System] is a biometric system that allows swifter processing at checkpoints into the country.

State director Nasri Ishak said so far, more than 100,000 foreigners have registered for the MACS.

The five places include the second floor inside City Square Johor Baru shopping complex, Giant Hypermarket in Tampoi, Jaya Jusco in Tebrau and Holiday Plaza.

“These are places Singaporeans frequent.

“The counters would be open from 10am to 10pm,” he said, adding that it only took five minutes to register.

Nasri said that since the system was implemented in 2009, 98% of applicants has been Singaporeans.
Singapore-Malaysia isn't your average international border.

After all these posts about the Malaysia biometric border deployment and its effect on Malaysia-Singaporean border travel, I've finally broken down and cobbled together a map and photo that gives a flavor of the relevant geography. The red dot on the Singapore map is the approximate location of the Johor–Singapore Causeway pictured at right below.
Malaysia Map & Singapore Map Source: CIA The World Factbook.
Johor–Singapore Causeway Source: Wikipedia
(Click Image to Enlarge)

The Fight to Secure the Current Internet is Unwinnable

The internet is used to do all kinds of things that no one, even its creators, could ever have envisioned so this article shouldn't be taken as an opportunity to have a go at the giants upon whose shoulders so many stand. Rather, it presents an opportunity to conduct a cost-benefit analysis on the evolutionary approach and the revolutionary approach — the current arms race between cops and robbers or hitting the reset button — to internet security and identity assurance.

 Internet Creators Acknowledge Security Overlooked in Original Web Framework (FT.com)
A faulty initial design – with net protocols that rely on trust and freely allow anonymity – has been compounded by the slow rollout of security gear, he says.

“I can do a very good job,” says Mr Eisen, whose company tries to keep pace with advancements in the cybercrime underworld. “But in the long run, it is essentially hopeless.”

So, what would a secure internet look like? Mr Eisen has set out plans for Internet 2 in a document called Project Phoenix. Included in his blueprint are biometric identification, encryption of all keystrokes and virtual machines created for every transaction.


h/t @TimeTrax_ET

US State Department: Advanced Multi-Modal Biometrics initiative will have a large impact

US State Department looks to biometrics for border security (Government Computer News)
“We are putting lots of rigor and resources into identifying and authenticating who enters the country, but then we don’t seem to care if or when they leave,” he said. The U.S. Visitor and Immigrant Status Indicator Technology “was chartered after 9/11 to do that, but nearly 10 years on we still don’t do it.”
That's about to change.

Ukrainian President Viktor Yanukovych Vetoes Biometric Passport Law

Yanukovych vetoes law on biometric passports (Kyiv Post)
According to the president, the law "does not ensure the security of citizens, will lead to an unjustified increase in budget expenditures, will have a negative impact on the budget of every family, and, in addition, a number innovations proposed in the law do not meet modern needs, as they are unfounded and unacceptable."
This seems to be a reboot of the new biometric passport process rather than a rejection of the idea.

Earlier posts:
Ukraine: Biometric Passports & Visa-Free EU Travel on the Horizon (October 1, 2011)
Ukraine: Group of Parliamentary Deputies Request Veto of Biometric Passport Law (October 10, 2011)

India: Two ID Cards? Not so fast.

Now, two biometric I-cards for you (Hindustan Times)
Planning Commission will urge the Cabinet to resolve the issue of duplication (Times of India)

UPDATE:
Aadhaar gains momentum (Economic Times - Nov. 3, 2011)
The Authority moved swiftly skirting duplication controversy after the Census Office violated its understanding to share the data with UIDAI. The issue is yet to be resolved by Union Cabinet. UIDAI said it's focus is on inclusion and working with partners to enroll those sections who are marginalized and have no proof of identity.

The Authority said it is committed to working with registrars to organize special drives to enroll the homeless, aged, migrants, leprosy patients and other disadvantaged sections, strengthen the introducer system, enhance user convenience and choice to the resident and use advanced data analytics to improve enrollment.

Pakistan - Afghanistan Border Biometrics: Challenges Ahead

As is frequently the case, the challenges aren't technical (Dawn.com - Pakistan)
WHILE reviving the biometric system on the border with Afghanistan may be a welcome move, one hopes that the interior minister, who has said the screening process will start on Nov 30, is aware of the difficulties involved. Introduced in January 2007 at Chaman, the system was not welcomed by Afghan nationals, who attacked the border gates in protest. The arrangement had to be called off because the Kabul government, too, did not cooperate. Whether or not the scheme works this time will depend on the level of Pakistan`s determination to go ahead with it despite the odds.
The article advances a one-sided Pakistani point of view but it's sufficient to illustrate an important point. Biometric ID management systems can produce great results in a functioning bilateral relationship; they can't compensate for the lack of such a relationship.

Thursday, October 20, 2011

Immigration New Zealand goes biometric

New Zealand's immigration authorities have announced the introduction of new biometric technology to bolster border security and assist with visa processing times (VisaBureau.com via @Allevate)
"Biometrics provides better tools which allow Immigration to confirm an individual’s identity and protect New Zealand’s border," Dr Coleman said.

"The changes will protect people from identity theft and prevent the misuse of passports or visas by fraudsters and criminals. A further benefit is that the new technology will speed up visa application processing, as we are more readily able to confirm who we’re dealing with."

Face Recognition in the Era of the Cloud and Social Media: Is it Time to Hit the Panic Button?

Rarely is written such a thoughtful, thorough and insightful essay bridging the subjects of technology, society and the individual.

Joseph Atick on facial recognition: (findBIOMETRICS)
So what can we do?

♦ Condemning the technology serves no purpose.
♦ Attempting to interfere with its progress is futile.
♦ Banning it is a desperate act.

History is filled with accounts of failed attempts to put the lid on technologies that have a legitimate place in society. Protectionism will most certainly fail once more in our hyper-networked and global society. Face recognition is a tool that has a legitimate role in enhancing security and in combating crime and terrorism and it would be unfortunate to see its responsible use derailed by knee-jerk reactions and irrational fear.

We need to address the root cause of this threat to privacy by focusing on the ease with which identification databases can be built through automated harvesting of identity-tagged images over the web. Of course, we cannot prevent consumers from posting images of their lives or tagging them. So how do we prevent these publicly accessible image sources from being assembled into comprehensive identity databases? We believe there is a series of technical measures that collectively provides the necessary protection.
Dr. Joseph J. Atick, is the Vice Chairman and the co-founder of the International Biometrics & Identification Association (IBIA). He is a recognized early pioneer in the industry, having been one of the original inventors of face recognition technology and the co-founder and leader of several companies in the identity management industry, including Visionics, the first company to commercialize face recognition.

I say this a lot but this time it goes double: Read the whole thing.

Facial recognition apps spark privacy concerns in Congress

Aliya Sternstein, Nextgov.com
"As the committee considers privacy legislation in the future, we will need to understand the capabilities of this technology, as well as the privacy and security concerns raised by their development," Rockefeller wrote. "I ask that the commission provide a report to the [committee] following the workshop, and that this report include potential legislative approaches to protect consumer privacy as this technology proliferates." He wants recommendations by Feb. 8, 2012, according to the letter.

Meanwhile, the FBI expects to activate a nationwide facial recognition service for authorities in select states by January 2012. Officials will be able to upload a picture of an unknown person and receive a list of mug shots ranked in order of similarity to the features of the subject in the photo. The tool will search among the 10 million images stored in the FBI's biometric identification system for suggestions, but will not provide a direct match.

In Wednesday's letter, Rockefeller asked whether there should be special protections for the use of facial recognition on or by young people, among other things.
Read the whole thing.

See also:
FBI to launch nationwide facial recognition service
Face Recognition in the Era of the Cloud and Social Media: Is it Time to Hit the Panic Button?

Biometrics, ROI, Development and Universal Health Coverage

Yes, They Can: How Emerging Economies Are Building Universal Health Coverge

Marcelo Giugale, World Bank’s Director of Economic Policy and Poverty Reduction Programs for Africa writing in the Huffington Post:
...Brazil, Chile, China, India and Indonesia have figured out a way forward, and are moving ahead. Here is what they are doing.

First, they have reached a political consensus: if you cannot pay for health care, the government will pay for you. For them, this is not just moral principle. It is a way to ensure political stability. What is worse for economic growth: to use public dollars to fund health services for millions in need, or to have those millions angrily demonstrating in the street? Solidarity is good for business. Of course, this assumes that you can tell who is poor and who is not. Well, now you can. Advances in biometric technology have made it easier and cheaper -- about $4 per person -- to identify individuals, to know their income, and to track what subsidies they are getting. This may sound trivial if you live in Canada or in France where you have an assigned social security number and "free" health care, courtesy of the state, from cradle to grave. But it is revolutionizing social policy in the developing world.
The identity assurance that biometrics can purchase for $4 is worth far more than four dollars in anti-fraud, anti-free rider savings. In other words, the Return on Investment in biometric idenity management systems can make the difference between a large, complex social program's success or failure.

USA: Georgia Agricultural Commissioner and San Francisco County Clerk agree: Biometrics Make ID Stronger

Two very different articles touching on the subjects of biometrics, ID and people illegally residing in the US have been published over the last couple of days.

One is an opinion piece by Bryan Tolar, President of the Georgia Agribusiness Council appearing in the Tifton (Ga.) Gazette.

Guest workers: A workable system is needed
Agriculture Commissioner Gary Black traveled to Washington, D.C., this week to testify before the Senate Judiciary Committee on the need for a workable guest worker program. He discussed Georgia’s immigration situation and spoke in favor of a program that works for Georgia’s citizens and non-citizens alike. He mentioned that his agency carries out many tasks delegated to them by the federal government, so why not allow Georgians to manage a guest worker program to fit the needs of Georgia.
The other article is from the Dayton (Oh.) Daily News discussing the proposed issuance of identification cards to residents with no other form of ID, without regard to immigration status. Though the issue is being discussed for Dayton, Ohio, the article is sourced from cities (New Haven, Connecticut and San Francisco, California) that have experience in issuing similar ID's.

Dayton considers immigrant IDs
The need for the card surfaced in New Haven in 2005 when immigrants, lacking ID to open bank accounts, were routinely profiled for theft on payday. Junta for Progressive Action Inc. — a nonprofit serving low-income immigrant communities in New Haven — called on students at Yale University Law School to verify whether the city could legally issue the cards.
So, we have two very different groups, with two very different interests, facing very different challenges. Both sets of challenges, however, flow from an underlying failure of identity management.

Georgia agribusiness and city governments are both attempting to confront problems arising from a lack of legitimate ID, an issue we have addressed many times. Agribusiness wants a more certain, affordable and predictable labor market. The city governments want less crime involving people without ID.

It is Interesting to note, though it won't surprise frequent readers of this blog, that both see that biometrics are useful tool in administering the type of ID management system that will advance their higher order goals.
This program would require those in the country illegally to pay a fine for breaking the law. It would give them a biometric identification card that would allow the state of Georgia to track their whereabouts and keep up with their employer. It would make them go back to their home country periodically – they would truly be guest workers. Commissioner Black’s comments were clear that these foreign workers would not receive amnesty and they would not be on a path to US citizenship. It is a solution that has merit on all sides, as it would incentivize illegal immigrants to come forward, pay their fine, get an identification card, and work in our country for a set period of time safely and legally [emphasis mine].
and
After the San Francisco Board of Supervisors passed legislation to issue city ID cards in 2007, it fell to Karen Hong Yee, director of the Office of County Clerk, to design a system with built-in safety features to shield against fraud and counterfeiting.

“We did a lot of vetting of worst-case scenarios,” Hong Yee said. “My card is more secure than a driver’s license.”

The SF City ID Card system includes biometric facial recognition software, to ensure the same individual doesn’t apply twice under different names [emphasis mine].
Georgia farmers and San Francisco public servants agree. Biometrics make a better ID.

Wednesday, October 19, 2011

Sensor Manufacturers Responding to Demand for Mobile Biometrics

Fingerprint sensors for mobile ID devices (Help Net Security)

The linked article focuses on the products one firm, DigitalPersona. The market that the sensors are built to address is also well described.
These devices are increasingly being used around the world in Civil ID applications such as voting, benefits-checking and micro-finance.

Many emerging countries are turning to biometrically-enabled mobile ID terminals in an effort to combat fraud in delivering essential services such as voting, benefits, pensions and banking. These devices were initially used for military and law enforcement, but the rapid growth of Civil ID programs is creating demand for smaller, more affordable versions that deliver high-quality identification.
In order for biometric technologies to reach their full potential, several things need to converge: Algorithms, Sensors, Applications, Deployment.

Algorithm - A limited sequence of instructions or steps that tells a computer system how to solve a particular problem. A biometric system will have multiple algorithms, for example: image processing, template generation, comparisons, etc.
Sensor - Hardware found on a biometric device that converts biometric input into a digital signal and conveys this information to the processing device.
Application - The software that allows sensors and algorithms to be used to meet a need.
Deployment - Installing, setting up, testing and running. This military term, which means the placement of troops and equipment in the field, is widely used with computers as an alternate to the word "implementation."

Software companies like SecurLinx need algorithms and sensors to make applications and deploy systems. There is a huge demand for mobile applications and it's good to see the manafacutrers developing the prerequisite hardware.

India UID: Audit, Logistics & Security

India builds world's largest biometric ID database (UKauthorITy.com)

We've devoted a whole lot of attention to India's UID project, but I don't recall coming across these details about how the project works before.
Mark Crego, senior defence and public safety executive at Accenture, told UKAuthority.com the fingerprint and iris data has already been captured for 100 million people, with facial recognition as a further check that data is correct by matching numbers with gender and age band. "Sometimes you might be enrolling the whole family, in which case the officer entering the data might get it wrong. But using the technology, you can match on age as well, so the system could see if a male adult number was being wrongly ascribed to a 12-year-old girl, for example.

The vast process of registering all India's citizens, including those in extremely remote areas, inevitably involves a mix of high and low tech solutions, Crego said. While registration officials would have access to high-tech portable or mobile enrolment stations, often the results of registration including biometrics would have to be saved onto encrypted thumb-drives and sent back to base in the ordinary postal service, he said.
The rest of the article contains some good insight into facial recognition systems.

Tuesday, October 18, 2011

Iris Biometrics, Identity & Demography - Identity Management Word of the Day: Stroma

Stroma - The supportive framework of an organ (or gland or other structure), usually composed of connective tissue. The stroma is distinct from the parenchyma, which consists of the key functional elements of that organ. More, including the Greek etymology of the term here.

From the article linked below:
In a typical iris scan, a camera snaps an image of a person's eye while it is bathed in near-infrared light. Software identifies the iris portion of the eye, and then analyses 1024 sample regions, looking for patterns in the way the delicate filaments of tissue, known as the stroma [emphasis added], reflect light. This unique information is then used to generate a code of binary numbers.

Iris scanner could tell your race and gender (New Scientist)
There's much to recommend the linked article. It has good information about:

♦ The anatomy of the eye's iris
♦ Why iris anatomy makes it fit for use as a biometric modality
♦ The technique used to generate a biometric template from the iris
♦ The history of using the iris as a biometric modality
♦ The iris as a demographic identifyer as well as a unique individual identifyer

The distinction between a unique identity and an individual's demographic characteristics has large implications for privacy and commercial marketing.


h/t @M2SYS

Biometrics for Tuberculosis Management

Operation ASHA applies Biometrics to manage Tuberculosis Medication in Slums reducing instances of multi drug resistant TB (World Bank blog)
In an attempt to improve patient monitoring and further decrease the treatment default rate, Operation ASHA has partnered with the Microsoft Research to develop biometric technology. This low-cost technology tracks TB patients’ compliance with their treatment regimens. When a patient initially registers at a treatment centre, his or her fingerprint is recorded on a biometric device. Each time that patient revisits the DOTS centre to take his or her medication an electronic record is created when their fingerprint is scanned. At the end of each day, a list is generated and reviewed by a supervisor. Those counselors with patients who missed a dose are notified and given 24 hours to administer the treatment. Missed doses can have catastrophic consequences. Missing medication can lead to Multidrug resistant TB (MDR-TB) and extensively drug resistant TB (XDR-TB), which are global concerns. Operation ASHA reduces drug resistance in our patients by ensuring that they take their treatment regularly for the full 6 – 9 months.

Our biometric technology is currently used in 17 centers in the heart of Delhi’s urban slums, and more than 1300 patients have been registered on the biometrics. The precise tracking and monitoring that can be achieved with biometrics has reduced our default rate to much less than 3% – a number previously considered impossible to achieve in slum areas.
Poor ID management costs lives and increases human misery. Here's just one of the many ways biometrics helps.

Earlier post on Operation ASHA

H/T @M2SYS

SecuGen Widens Patent Infringement Suit

SecuGen, maker of the Hamster, has extended its patent infringement suit to include several new parties.

SecuGen Corporation Sues Suprema Distributors and OEM Partners for Patent Infringement (Zimbio.com)
SecuGen Corporation, a world leading provider of fingerprint sensor technology in the Silicon Valley, announced today that it has added RBH Access Technologies, Inc., RBH USA, Inc., and Apiary, Inc. as defendants in its ongoing patent infringement lawsuit against Suprema. These additional defendants are distributors and OEM manufacturers that make, use, and sell products containing the Suprema sensors that have been accused of infringing SecuGen's patent, U.S. Patent No. 6,324,020.

How Image Processing Will Change the World

Exploring the future of software that can "see" (The Economic TImes)

The linked article does an excellent job of outlining applications that flow from the increased ability of software to make sense of non-textual, optical/image-based inputs. Biometrics like facial recognition are just the beginning.

Rituparna Chatterjee, the article's author, places facial recognition in its proper context here:
While DNA and fingerprints remain the US Federal Bureau of Investigation's favoured means of identification, it's now also using facial recognition. "Image Processing is an important technology for investigation," says Bill Casey, program manager of the FBI's Biometric Center of Excellence.

"When hunting for a criminal, we look through our database of over nine million photos for possible investigative leads." Casey shares how his colleagues recently nabbed a double-homicide suspect by comparing his photo with the US Department of Motor Vehicles' local database of 30 million photos in the state of North Carolina.
She is also perceptive in her observations of how Google has been showing interest in image processing technology. It's an article well worth reading in its entirety.

See also:
Google debates face recognition technology
Biometrics, object recognition and search

Monday, October 17, 2011

Staying one step ahead of identity thieves with Biometrics

Federal News Radio interview with Jim Williams (audio at the link)
Jim Williams is the former commissioner of GSA's Federal Acquisition Service. He's now the Senior Vice President for Global Professional Services at Daon.

Mr. Williams discusses biometrics and his observations in moving from the government to the private sector. I didn't time it but the segment lasts about five minutes.

UK pays £22.5 million for 'questionable' Democratic Republic of Congo election

British taxpayers paid £22.5 million to fund a voter registration process in the Democratic Republic of Congo that has put hundreds of thousands of fake voters on the electoral roll. (The Telegraph)

The leaked survey obtained by Zetes, a Belgian firm that issued biometric polling cards, found that more than 700,000 so called "doublons" had been added to the list in just five provinces.
Read the whole thing. It's pretty sad. Biometric systems aren't magic. If they are purchased, implemented and administered by the corrupt, one cannot expect the output to be anything other than corrupt.

What biometric ID management systems have going for them, when they are properly conceived and implemented:
♦ They are less labor-intensive than older ID management technologies.
♦ They are more easily audited than older ID management technologies.
♦ They offer a determined manager extremely valuable tools for holding staff accountable.

Like biometric time-and-attendance systems, biometric voter systems are extremely effective tools in the hands of capable managers. They can't run clean elections all by themselves.

ID management is about people, after all.

Macon, Georgia to Purchase Mobile Fingerprint ID System

Overiew of Macon City Council meetings October 17-21, 2011 (Examiner.com)
Res., authorizing the Mayor to execute a Memorandum of Understanding for acceptance of a grant of $21,350.52 from GEMA for the purchase of a Mobile Biometric Fingerprint Identification System.<br><br>

More info. from a couple of months ago in Conyers, Georgia on what seems to be a similar, if not identical, system: Police grant offers quick ID of fingerprints.

Friday, October 14, 2011

Shengen & Switzerland

The Schengen Agreement eliminates all internal border controls among the 25 European states who have entered into it. The implementation of the Schengen Agreement has meant harmonized customs regualtions and passports. Switzerland has issued biometric passports since early 2010.

This page is a really good aggreagtion off all things both Shengen and Swiss. Switzerland's place in the Schengen agreement is interesting because Switzerland is not in the EU and therefore does not use the common currency. That, however, doesn't mean that Switzerland is unwilling to enter into other multilateral agreements with European countries.

More on Schengen:

For those as confused as I was about how to pronounce 'Schengen," this should help. Schengen is a town in Luxembourg (pop. 1500) so think German, not Chinese. It rhymes with swingin' as in "Schengen is a swingin' town." This is a mnemonic device, not necessarily a fact.
See also:
Europe: Biometric Visas Begin To Function In The Schengen

Nigeria, Development & Poverty: Biometrics Uncovers 71,135 Ghost Pensioners

Less than half are legitimate recipients (The Punch)
The team was mandated by the Federal Government to restructure and sanitise the system.

Investigations revealed that before the biometric exercise, there were about 141,792 pensioners throughout the country with a total monthly pension of N3.3bn.

Our correspondent learnt that after the first phase, the team came back with a total number of 70,657 genuine pensioners out of the 141,792 pensioners before the commencement of the exercise.

A source said, “These are the findings of the team, realising 71,135 ghost pensioners. With this discovery, the total monthly pension of these genuine pensioners dropped to N790m.”
44,320 people entitled to receive pensions were also added to the rolls.

Countries aren't poor because of natural resources, the ethnicity of their inhabitants, fertility of their farmland, geography, or even the bellicosity of their neighbors. They are poor because of corruption. Corrupt countries are poor countries and people in poor countries experience more suffering in their shorter lives than those who live in less corrupt countries.

The poverty fueled by the type and breadth of corruption discovered in Nigeria is perhaps the world's foremost cause of human suffering. If political will and organizational ability can be found in the same place at the same time, biometrics can help extend a lifeline to the most vulnerable and desparate of people.

Non-biometric ID management in rich countries is expensive and is highly dependant upon the integrity of those issuing the identity credentials (birth certificates, drivers licenses, passports, etc). Biometrics offer places with ability and will the opportunity to lift their populations out of poverty at a price they can afford. This leapfrogging phenomenon is similar to the telecommunications revolution that allowed large portions of Africa to skip the expensive and labor-intensive technology of the copper wire telephone network in favor of a cellular system.

See also:
Rigorous ID management is necessary in controlling ghost workers
Biometrics reveal a staggering level of fraud in Nigeria

Thursday, October 13, 2011

New York City: Fingerprints for Auditing Food Stamps

Fingerprinting Those Seeking Food Stamps Is Denounced (New York Times)
New York City, where 1.8 million people receive food stamps, is one of only two jurisdictions in the country that require applicants to be fingerprinted, according to Ms. Quinn’s office. The other is Arizona.

California and Texas recently lifted a similar requirement; New York stopped using fingerprinting for food-stamp recipients statewide in 2007, but kept it in New York City at the Bloomberg administration’s request.

Robert Doar, the commissioner of the city’s Human Resources Administration, said the policy deterred fraud and prevented case duplication, catching 1,200 duplicated cases a year and saving about $4 million annually in federal benefits.
The Gothamist also has a poll associated with its article on the issue. Currently, a slim majority of the 296 respondents answer in the affirmative to the question, "Should Food Stamp Recipients Be Fingerprinted?" This despite the generally disapproving tone of the two linked articles.

Europe: Biometric Visas Begin To Function In The Schengen

Strengthening the integrity of the Visa Information System (Newish.info)
The new biometric visa, which will collect the face and fingerprints to make it safer carriers, has already launched in all countries of the Schengen borderless Europe.
...
Currently, the Schengen area are Germany, Austria, Belgium, Denmark, Slovakia, Slovenia, Spain, Estonia, Finland, France, Greece, Holland, Hungary, Italy, Iceland, Latvia, Lithuania, Luxembourg, Malta, Norway, Poland, Portugal, Czech Republic, Sweden and Switzerland.
But there's this article, too: Belgium does not comply with the obligations to issue biometric passports. One way to read these stories together is: Belgium has the ability to process the biometric passports of other countries while not issuing biometric passports themselves. I wonder how many other countries in the above list are in the same boat.

Wednesday, October 12, 2011

India UID Wins Bureaucratic Victory

via @silicontrust
UIDAI to be fully independent (Hindustan Times)
Nandan Nilekani-headed Unique Identification Authority of India (UIDAI) mandated to issue unique IDs or Aadhaar cards to every resident in India will get full "functional autonomy", but its future role in enrolment will be decided by the Union cabinet later this month. Planning Commission's deputy chairperson Montek Singh Ahluwalia is expected to inform the finance ministry on Wednesday that it is willing to delegate all powers to the authority and it should have full "autonomy" without any panel's monitoring.
UIDAI to have a free hand over finances (Times of India)
The authority is all set to get financial autonomy to implement the UPA II's pet project. "We are fully backing the UIDAI," deputy chairman of Planning Commission Montek Singh Ahluwalia said.
This tiny story is huge news.

UID is a very big effort that will require a lot of money and buy-in from a lot of individuals and groups with vested interests in the status quo. Any program that attempts to radically reduce corruption will be met with hooray's and huzzah's in public while those who benefit from the corruption will fight tooth and nail behind the scenes to scupper any attempts at reforming a system that works quite well as far as they are concerned.

When corruption is as endemic as it is in India, that's a lot of scuppering.

On a related note: Opponents of biometric identity management techniques (privacy advocates) often accuse biometrics providers of a lack of good faith for advocating for the use of the technologies they offer. They should at least be fair-minded enough to recognize the possibility that those who are against the adoption of biometric ID management technologies may be as self-interested as they assume the technology providers to be.

See Also:
India: UID is the Easy Part (Sept. 20, 2011)
As technologically, logistically, politically and organizationally challenging as the UID project is, it's the easy part. It makes tackling even harder problems possible.

India: Is UID Under Siege? (Sept. 27, 2011)
Identity management is about people. The people issues are always thornier than the technological problems. And, yes, UID will upset many applecarts. That's why it's important and that's why it will be hard.

India: Insight into the Bureaucratic Struggle for UID (Sept. 30, 2011)
Unique Identity Authority of India (UIDAI) chairman, Nandan Nilekani, vigorously defended his body against criticism from various government departments and dismissed concerns about the lack of checks and balances in its functioning.

India: New Steps to Tackle an Old Problem

Indians are less gullible now (New York Times)
They have far greater expectations from the government, and the state has more money to spend on them. There is genuine political will, too. The middle class is now claiming that its heart bleeds for the poor and that poverty is a direct consequence of political corruption, and so the government must be humiliated. The news media have been granting these wishes almost daily between commercials. So the government really does have good reasons to cure poverty.
...
India’s battle against poverty is as old as its national identity, and it has achieved reasonable success, especially in the last two decades. Among the stark tokens of absolute poverty that have disappeared are those lumbering human beings with deformities and injuries that made grown men shut their eyes and children remember forever.
The quoted text above doesn't mention biometrics, but the article is about India's UID program. Read the whole thing. The article relates India's recent history, poverty, culture and government to each other in a tight package. ID management is about people.

Bolivia: UNASUR Highlights Biometric Registration for Elections

Biometric registration for Bolivia´s Judiciary elections (Prensa Latina)
Camacho termed the elections unique and important to strengthen the democracy and the openness for administering justice, showing why many wish to adopt the proficient system, whose success he has seen along many years of work through out Latin America.

"Bolivians should be proud of it. Having such system, whose completion with other elements even allow to issue ID cards," he stressed, reminding that over five million Bolivians will vote on October 16 to elect the members of the Supreme Elections Court, Constitution Court, the Farming and Environment Court and the Supreme Court.
Hopefully, Bolivians can use biometrics effectively to strengthen their elections and their democracy.

Tuesday, October 11, 2011

Business Management & Biometric Time-and-Attendance

Biometric ID system or not, old habits die hard   (Pakistan Today)
Employees of the Sindh government’s departments have been found indifferent or responding slowly to the newly installed Biometric Identification Electronic System (BIES), which ensures that all employees of the provincial government arrive at work on time and put in the required number of hours.

Since the installation of the system in January this year, only 2,888 enrolment forms have been received from the 42 departments of the provincial government, including the Governor’s House and the Chief Minister’s House.
It appears that a lot of money (≈US $900,000) has been spent on a biometric time-and-attendance system for the government of the province of Sindh containing 50 million people and the city of Karachi. Only nobody's using it.

A lot of biometric ID management installations come down to managerial, rather than technical, challenges. This is especially true for biometric time-and-attendance systems.

Technically, biometric time-and-attendance systems are pretty straightforward but they can't manage a business all by themselves. A company that wants to maximize its Return on Investment in biometric ID management systems, will view the technology as a tool supporting able managers, not as a substitute for managerial skill.

Monday, October 10, 2011

Transcript: Tweet Chat on Biometric Technology 10/06/11

Subject: Privacy
The discussion, moderated by M2SYS, with James Baker of NO2ID dealt with the issue: Biometrics & Privacy.

Click image to view chat

Scotland: Glasgow Clubbers give fingerprints to verify age

Reducing violence, disorder, anti-social behaviour (stv)
Carlo Citti, the club owner whose has introduced the idea, said: "In the past 14 days, over 7000 people have registered through our scheme. And out of that 7000 people we have actually caught 19 people with forged passports that were under age.
Video and text at the link.

7000 people in a fortnight! That's a pretty good pace.

Systems like these can pay off in several ways:
♦ Faster ID management can increase revenues by shortening wait times.
♦ More accurate ID management can reduce legal liability for serving the underaged.
♦ Increasing the safety of the establishment can be good for business.

Ukraine: Group of Parliamentary Deputies Request Veto of Biometric Passport Law

They say it's too Costly; Doesn't meet International Standards (Kyiv Post)
The adopted document, according to the office of the UN High Commissioner, not only fails to bring Ukraine closer to the EU, but, vice versa, it undermines efforts to meet the requirements of an action plan to liberalize the visa regime with the EU," the press service of Reform for the Future leader Ihor Rybakov quoted him as saying on Monday.

The MP also noted that the cost of the minimum number of documents necessary for all Ukrainian citizens (domestic passports, foreign passports, social identity cards, identity cards of the insured people, pension certificates, certificates of persons with disabilities, and driving licenses) will be Hr 1,600.

"It means that in 2012 alone our citizens will have to spend Hr 60 billion on these documents," Rybakov said.
1,600 Ukrainian Hryvna = US $200.

The biometric part doesn't seem to be at issue.

Australia: NSW Rail Transport adopts Biometric Time-and-Attendance

RailCorp goes biometric for employees (ZDNet - Australia)
The organisation currently requires staff to manually record their time at work on paper time sheets or attendance books, which can introduce errors in payments and is open to employees providing fake times.

When RailCorp rolls out the system in 2012, its team of over 14,000 employees will have their fingers scanned and converted into a mathematical algorithm. RailCorp has stated it will not store images of employee fingerprints.

Footsteps instead of Fingerprints

Your walk can give you away (New Kerala)
Researchers asked 104 volunteers to walk across boards studded with thousands of highly sensitive pressure sensors. They recorded 10 steps per person and then analysed how each persons step changed to produce a unique profile for each person.
File this one under "Any biometric modality can be useful, especially if it’s the only one available."

It is, however, extremely unlikely that the footstep biometric described in the story will ever be the only one available. If you can put a ten foot electronic carpet somewhere, you can probably put a camera or fingerprint reader there, too. Then there's the enrollment process.

This does serve to show that nearly anything (and I mean anything) could theoretically be used as a biometric identifyer, but I wouldn't want to clean the sensor.

Reducing risk through biometrics

Short but sweet (ITWeb - South Africa)
Biometrics offer higher levels of accurate identification that can't be achieved with any form of access card, password or personal identification number (PIN), says Marius Coetzee, MD of Ideco.

These security controls all have four fundamental flaws: they are routinely lost, stolen, forgotten or shared, Coetzee says.

FBI to launch nationwide facial recognition service

Next-Generation Identification (NGI) system under development (Nextgov.com)

There's a lot going on in this article.
The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings.

Often law enforcement authorities will "have a photo of a person and for whatever reason they just don't know who it is [but they know] this is clearly the missing link to our case," said Nick Megna, a unit chief at the FBI's criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo.
The first half of the article covers organizational aspects of the NGI system: a build-out of the FBI fingerprint database — and the beauraucratic infrastructure allowing the FBI to support local law enforcement nationwide — to include other biometrics. In this case, facial recognition applied to mug shots.

For now, it's not clear exactly how useful such a system will be compared to the technological and organizational overhead it will require. If an officer has arrested someone they are having trouble identifying and they want to enlist the FBI's help, the FBI AFIS fingerprint system works great. The time when a picture would be most useful is when fingerprints aren't an option, meaning the person isn't under arrest.

In this case, the quality of the 'probe' image (as opposed to the database image) will be extremely important and a significant amount of officer training is involved in using such a system. But if you want to have face as well as fingerprints as an option, you have to start somewhere: collecting the data and building the institutional linkages.

The second half of the article covers privacy from a variety of perspectives:

♦ Sunita Patel - staff attorney with the Center for Constitutional Rights: "Any database of personal identity information is bound to have mistakes. And with the most personal immutable traits like our facial features and fingerprints, the public can't afford a mistake."

I'm not sure I follow. As with every other human endeavor, Law enforcement is not a mistake-free business. Never has been; never will be. The application of a new technology or process should be judged by whether or not it improves the status quo by a greater measure than its costs. While we're on the subject of mistakes, isn't letting known violent offenders go free to victimize others also a mistake?

♦ Jim Harper - director of information policy at the libertarian Cato Institute: "It might be appropriate to have nonconvicted people out of that system."

Good point. One can see why Federal, State and Local law enforcement would want to keep mug shots in the database of people that have not been convicted of criminal acts. All sorts of organized crime comes to mind (drugs, gangs, prostitution) and biometric ID management technology can be extremely useful in learning about these criminal organizations.

It's also easy to see the point of view of someone who has been arrested for something they did not do and has been cleared of any wrongdoing. They proably don't want to be in a database of bad guys after having been wrongly accused in the first place. There are also (for now) some technical reasons why you wouldn't want to junk up the database with the photos of the truly innocent. First the search will take longer and second the quality of the result will go down. The parenthetical "for now" above is because over time Moore's Law and better algorithms will compensate.

♦ The article also links to a very frank Privacy Impact Assessment conducted by the FBI. See Section 2.3: Privacy Impact Analysis.

♦ Nick Megna, an FBI CJIS Unit Chief: "This doesn't change or create any new exchanges of data," he said. "It only provides [law enforcement] with a new service to determine what photos are of interest to them."

"This is not something where we want to collect a bunch of surveillance film" and enter it in the system. "That would be useless to us. It would be useless to our users."

This subject will continue to generate significant and, we hope, healthy debate. Discovering the most advantageous way to incorporate new technology in law enforcement and public safety depends upon it.

Earlier, far less detailed, post on the subject: FBI's Next-Gen Multi-Modal Biometric ID management System

Thursday, October 6, 2011

Malaysia: Border Controls and Non-Citizen Register Update

From mid-March to early September, Malaysia received a lot of atttention here for three identity management items: A potential biometric voter register; Biometric border checks; A biometric register if non-citizens. Two of these initiatives, border checks and the biometric non-citizen register, have been fully implemented and are in the news again today.

Here, Malaysian Tourism Minister, Dr Ng Yen Yen, addresses both programs briefly:
Malaysian tourism minister apologises for June's causeway jams (asia-one - Singapore)

This article publicizes some of the things Malaysia learned about its non-citizen residents through the 6P exercize.
Indonesians form highest number of foreign workers (the malay mail)

Ireland: Tackling Welfare Fraud with Biometric ID

Identity card to help combat welfare fraud (Irish Examiner)
New card to cut welfare fraud (Irish Times)
New public service card to crack down on welfare fraud (Independent.ie)

The Independent has the start-up cost as €24m. The Times has last year's overpayments as €83.4m.
Welfare programs that are seen as being managed with as little fraud as possible receive higher public support than those that aren't.

India: Biometric cards to vet fake lawyers

Pune Bar Association to get Biometric cards (DNA India)
After a spurt in cases of fake lawyers in Pune, the Pune Bar Association (PBA) is planning to introduce biometric card system to keep tabs on “bogus” lawyers in the district court.

Tuesday, October 4, 2011

Most Popular Posts: September 2011

September 2011 was a record-setting month for traffic here at the SecurLinx blog. Thanks to all who visited and helped spread the word. In case you missed a couple, the following posts generated the most online interest last month.

Malaysia: No extension to amnesty timeline
The linked article has so much more than a nugget of ROI. It has death threats, human trafficking, organized crime, huge numbers of enrollments and ROI.

Biometrics for Time-and-Attendance aren't that Controversial
Those concerned about an employer's ability to keep private information private have far greater causes for worry than biometric time-and-attendance systems.

How DMV Face Rec Can Prevent Identity Theft

MSU Technology Detects When Fingerprints Have Been Altered

Gene that causes people to be born without fingerprints discovered
Identity management word of the day: Adermatoglyphia.

Burgeoning Facial Recognition: How come no pitchforks?
Several reasons why new facial recognition deployments are rarely met with scorn.

Event: DoD Defense Biometrics & Forensics Director in Fairmont, WV October 12

John Boyd, director of Defense Biometrics & Forensics for the U.S. Department of Defense, will speak Wednesday, Oct. 12 in Fairmont.  (The State Journal - West Virginia)

The event is sponsored by the WVHTC Foundation Affiliate Leadership Council (ALC).
Morning News Round-up

Uganda: Using Biometrics to Ease Processes of Identification (TMCNet)

Ukrainian Christians protest against biometric data law (Monsters & Critics)

Indonesia: Jakarta wants new deadline for e-ID project (The Jakarta Post)

Pennsylvania: Luzerne County workforce begins using new biometric time clock system (Citizens Voice)

New Mexico: Border Patrol agents using IAFIS nab sex offender (Las Cruces Sun-News)

Monday, October 3, 2011

India UID elicits global attention

This three minute CNN video the accompanying article does a really good job of explaining the status quo that makes UID necessary by talking with real people who struggle to get by in a modern world without a legitimate ID.

Creating ripples across the world (DNA - India)
Sources said interest in knowing more about UIDAI and its implementation has been expressed by a number of foreign diplomats, including those from the United States and other European and Western nations.

“UIDAI is the single largest IT project of its kind to have ever been executed by any country. This fact itself raises innumerable questions, the biggest being how we were handling it,” a senior UIDAI official, said.

Currently, the world’s largest biometric database is with the US-Visit programme, which has data of about 100 million people. US-Visit is short for United States Visitor and Immigrant Status Indicator Technology.
With the census and UID, India is attempting something never before attempted. The stakes couldn't be higher. The risks to (and rewards for) India's national self-confidence and the future of its citizens are huge.

And creating ripples at home (Khaleej Times)
...[T]he government should focus on changing these harsh realities. To begin with, it must streamline delivery systems, weed out ineffective programmes and prioritise self-selection schemes such as rural job guarantee scheme. These initiatives can be supplemented with intelligent use of technology, particularly biometric information-based Unique Identification cards, for better targeting 
the benefits.
UIDAI gets first complaint of misuse of personal data (The Economic Times)
"The contact centre of UIDAI is handling the grievances and complaints of all stakeholders. They have not received any specific complaint related to privacy concerns while collecting individual data. However, a complaint regarding misuse of address proof was received," the authority said in reply to an RTI query.

See also:
Indian Govt. plans to go biometric with census (March 25, 2010 - our first post on the subject)
7 things to know about India's UID (May 11, 2011)
India UID: It's About People (August 31, 2011)

All posts on India

Security startups pitch for £500,000 funding

The event — developed by OmniCompete — will see more than 30 technology startups converge in London (Wired.co.uk)
UK company Ipsotek has developed a video analytics system that can process live video in real time and send alerts when the recognise predefined events or behaviour. This can be used to augment CCTV, as a computer processor can monitor many video channels simultaneously instead of relying on security personnel. It has applications for intrusion detection and spotting gaming analysis in casinos.
Other interesting, non-biometrics security technology is described in the Wired piece.

Biometrics Industry Executive's Perception of Public Perceptions

Biometrics scares most people (CIO - Germany)
"There are perception issues we all face," said John Mears, director of biometrics and identity management solutions at Lockheed Martin Information Systems and Global Services Civil. In his keynote address at the Biometric Consortium Conference last week, Mears acknowledged that the public perception of biometrics tends to be rather negative because it's personal and physical.

"There's the perception that biometrics can injure you," he pointed out, telling industry attendees there's a need to educate the public that gathering of biometric samples, such as scans of the iris of the eyes, is not harmful. He said he can understand how people are nervous when the subject of DNA comes up. DNA is in very human cell, and saliva samples collected in a cotton swab in the cheek, for example, are enough to allow an analysis of each person's unique DNA profile as a unique identifier (though identical twins share the same DNA).
See also: Prototype "Rapid" DNA

In order to Interact with a biometric ID management system, an individual has to do something or have something done to them. These "things" vary depending upon the biometric modality involved.

Facial recognition is probably the least disruptive modality because all it requires is that an individual turn their face toward a camera. DNA is probably the most disruptive because one must part with a piece of themselves. There'a a big difference between taking a picture and putting something in someone's mouth. The other modalities fall somewhere between these two on the annoyance/fear scale.

It is, therefore, very difficult to discuss "Biometrics" all at once in terms of the general public's perceptions of interacting with biometric systems.

Saturday, October 1, 2011

Insight into Google's Ideas about Security

Googling from the inside out (Smart-Grid.TMCNet.com)

The article is about Google's Pryor, Oklahoma data center. A large section, however, is devoted to Google's and the center's approach to security.

The relevant paragraph is the longest one. It begins:
"We take security and privacy very seriously which is why our facilities are not something we have regular tours through," he said. "This is why we have the kind of fencing which you might see at a medium-security prison, because if that trust (in Google) goes away, it would be very difficult for us to get it back." "Besides the fencing and the gate, we have an extensive security system," Wooten said. "Of course, we have security cameras, highly controlled badge access in biometrics to the facility and specific parts of the facility which are more sensitive, iris scans, fingerprint scans, and even restricted access to other 'Googlers' -- only the people who are authorized to be in a certain location have access. Even people from other Google data centers, there are five in the U.S., don't have clearance to our center -- security is that tight."