Tuesday, January 31, 2012

Passwords: "Redundant and Bankrupt"

Today's Sydney Morning Herald has a wide-ranging article covering some recent facial recognition news.
Australian security expert James Turner, of IBRS, said the entire concept of a password, as in a series of characters that you type in via a keyboard, had "become redundant and bankrupt".

"It just doesn't work for the number of sites and resources that your typical person uses personally, and then you include corporate [resources] and it just becomes a nightmare."
See also:
More on the Awesomeness of Passwords

Subcommittee on Biometrics Sets International Standards Related to Biometrics

Phuket standards meetings a success (PlanetBiometrics.com)

The real meat is in the pdf linked from the article (two pages).

Topics ranged from highly technical to societal aspects of biometrics.

Working group 1 was about vocabulary! I'm a big fan of vocabulary.

h/t @m2sys

UID Aadhar: Why Aadhar needs to succeed

Immense Impact on Rural India (IBN Live)
This project has the ability to reshape the way the poor in thecountry receive their benefits. The biometric data makes the identity exclusive and it also ensures that migrants within the country can get the benefits. Most of todays workers or lower middle class people are migrant workers. By bypassing the middleman, this could ensure that the benefits reach the people with limited leakages in the system. Considering that most of the corruption in the country is at the lower middle man level, the potential of this impact is massive. Unfortunately, most of the intellectual discussion has been polarizing and not inclusive. For example, if there are issues with the biometric testing, why are people talking about scrapping the entire thing rather than discussing about how it can be improved or made more robust? Another major concern is about the lack of a data privacy act. Being an advocate of stringent privacy laws, I agree with this view point. The issue I have here is why is the discussion again being polarized? Why can't the critics come up with a draft of a data privacy law which can aid the functioning of the UID? The concerns voiced by critics are no doubt valid. These concerns need to be addressed at the respective forums but being an active civil society; I think we need to adopt an inclusive approach to make the implementation of the concept of UID better. [emphasis mine]
It's hard not to notice that UID critics already have an ID.

See also:
"Many Ugandans, if you ask them, 'When were you born?' They say, 'I don't know.'" Poor ID Management Infrastructure Prevents Uganda Little League Baseball Team from World Series Participation

How Much Fraud is Acceptable in NPR, UID? How do you go from a situation where you have a billion people and no rigorous ID management to a system where everyone has a permanent, singular, legally-enforceable, government-backed identity?

New Group Formed to Engage Europeans on ID Technology

The European Association for Biometrics Wants to Drive the Use of Technologies Identifying People (MSNBC)
Nouak deems it insufficient to put biometrics on a level with security. In his view, the prime task of biometrics is to increase the comfort of security systems. "Because I have my biometric features with me at all times, there is no need for me to remember any codes, passwords or PINs and to take along keys or cards", says Nouak. "Biometrics can simplify our lives if privacy remains protected and the application corresponds to the required security level."

The non-profit EAB wants to bring together industry, regulators and user groups. For this purpose, it aims at founding a Europe-wide network, which will also discuss its experiences with representatives from politics and business. Moreover, the organization wants to be an independent contact point for interested parties and promote the training of biometrics experts. Joint training and research activities of EAB members are to be one focus of its work. The EAB will have its first appearance on the European stage at the European Biometrics Symposium in Brussels on February 17, 2012.
We wish the European Association for Biometrics much success.

It strikes me that a regional approach to engaging the public, government and business on the subject of biometrics is appropriate.

Democracies in Africa and Europe are adopting biometrics for better ID management, but they are doing so in response to a completely different set of stimuli and with very different sets of challenges. Within each region, however, the challenges faced by neighboring countries are remarkably similar.

SecurLinx Introduces IdentiTrac-RMS, a Biometrically - Enabled Record Management System for Law Enforcement

SecurLinx Introduces IdentiTrac-RMS, a Biometrically - Enabled Record Management System for Law Enforcement Securlinx Corporation introduces its latest addition to the IdentiTrac product suite. IdentiTrac-RMS allows small-to-medium sized law enforcement agencies to create digitized booking records. By using fingerprints for user authentication and for searching the database of booking records, IdentiTrac-RMS offers productivity gains for law enforcement officers at an entry-level price below $5000.00.

Morgantown, WV (PRWEB) January 31, 2012

SecurLinx Corporation (FRA: S8X) introduces its IdentiTrac-RMS for the creation, storage and biometric search of digitized booking information. IdentiTrac-RMS provides fingerprint user verification to control access to up to 50,000 records which, in turn, are searchable by the fingerprint attached to each booking record. IdentiTrac-RMS uses FBI certified fingerprint technology to offer a compelling return on investment, saving officers’ time and making it easier to create and share NIST compliant records.

“The challenge for small to medium sized law enforcement agencies in today’s environment of evolving information technology capabilities is to be able to take advantage of the productivity gains offered by computerized information management at an affordable price,” said Jim Connors, Anaconda Montana Sheriff (ret.) and SecurLinx Vice President of Sales. “IdentiTrac-RMS solves that problem by providing a framework to gather and store comprehensive arrest records in the structure required to enable fast search and inter-agency sharing.”

“By leveraging our IdentiTrac Facial Recognition platform used by larger agencies, we are able to offer a fingerprint search version at a highly competitive price,” stated SecurLinx CEO, Barry Hodge, “The same technology can be used to validate user access to the system providing an audit trail and assuring data integrity.”

IdentiTrac-RMS has additional modules for managing prisoner intake and release, scars, marks and tattoos, medications and personal property. Records are stored to enable inter-agency information sharing using standards for both booking photos and criminal information reporting in the NCIC format. IdentiTrac-RMS helps small-to-medium sized law enforcement agencies record, organize, store and share information in a way that has immediate organizational benefits that exceed its price while enabling future adoption of other cutting-edge law enforcement technologies.

Monday, January 30, 2012

UK Border Agency committed to simplifying documents for foreign nationals with Biometrics

Online checks look set to turn up the pressure on illegal workers (HR Magazine)
From the end of February 2012 we intend to issue all migrants from outside the European Economic Area, successfully applying in the UK to stay for more than six months, with a biometric residence permit. It replaces the wide range of documents UK employers currently use to check an individual's right to work in the UK. Checking employee's details is easier, simpler and more secure.

These permits simplify the process by providing one standard, recognisable and secure document for employers to check. Also from spring 2012, employers will be able to verify that the details contained on an employee's permit are correct online. The new online checking service will provide quick and easy real time checks on the permit, the holder's identity and their right to work.
More at the link.

h/t @Allevate

Biometric Electoral Database Goes Up in Flames in Danao City Philippines

Fire damaged the Danao City Commission on Elections (Sun Star)
Comelec Cebu Provincial Election Supervisor Lionel Marco Castillano said Comelec Danao City can use its backup files at the provincial Comelec office during the recall election.

Castillano said, though, that the registration of voters in Danao has to be suspended because the computer that contains the Voters Registration System (VRS) was damaged in the fire.

“The computer, which was burned, had the biometric system that was used in the registration of voters,” Castillano said.

The fire damaged the office of the city election officer and the computer with the VRS.

Friday, January 27, 2012

App Helps ID Altered Fingerprints

Algorithm assists software systems identify changes (Voice of America)

As usual with Voice of America, there's a really good audio version of the story at the link.
“People who go through this process, which can be both expensive and painful, would want to do this only for high-valued scenarios and not for cashing a check for $50," Jain says. "So the most common uses of this fingerprint alteration is people who are seeking asylum in the United States or in Europe, because if they have a prior criminal record, they will probably not be granted asylum.”

Earlier Post: MSU Technology Detects When Fingerprints Have Been Altered (Sept. 13, 2011)
The Michigan State technology detects altered fingerprints. Knowing that a fingerprint has been altered is valuable information. An investigator that receives a "No Match" result but a note that the fingerprints may have been altered, will be in a much better position than an investigator who simply received a "No Match" result.

Ghostbusting: It's safer in New York

Peter Venkman, Raymond Stantz and Egon Spengler have nothing on Nigeria's Pension Reform Task Team.

Pension Reforms Task Team uncovers 71,133 ghost pensioners (Vanguard)
Reacting to the threat to life of members of the Task Force by those who are affected by their activities, the EFCC helmsman advised the team not to be deterred by any threat to life in the discharge of their duties “because risk element is real in life”.

h/t @m2sys

Compromise reached on Biometric ID in India

Chidambaram says compromise reached on unique identity project (MSN - India)
The planning commission on Friday said that the Unique Identification Authority of India (UIDAI) issue has been resolved. The cabinet committee on UIDAI has also approved additional spending of Rs 5,000 crore for issuing UID cards.
P Chidambaram, Nandan Nilekani call truce on Aadhaar (Economic Times)
The Union Cabinet on Friday decided to extend UIDAI's mandate for collecting biometrics from 20 crore citizens to 60 crore citizens, thus ending a year long turf war between the Unique ID Authority of India Chairman Nandan Nilekani and Home Minister P Chidambaram over the mandate to collect data of Indian residents.
♦ UID had its mandate tripled and is to issue ID's to 600 million people.
♦ Both sides agreed to stay our of each other's way (though simple arithmetic would seem to render that impossible over the long run).
♦ UID has to make some adjustments to how NPR wants to collect the data.

I have a feeling that the rivalry between the two projects and the two men that head them will heat up again soon enough.

I think this post from Tuesday had it about right.
It looks like Chidambaram was either told in no uncertain terms to start playing nice, or was tipped off ahead of Wednesday's cabinet meeting that UID was going ahead and he figured out which way the wind was blowing on his own (See: Govt likely to extend UIDAI’s ambit). The Home Ministry is now "examining how best to include the Adhaar number into the [Home Ministry's] smart card, which will make the smart card even more feature rich." This is a good thing.

While it is inherently inefficient to have two government bureaucracies with broadly overlapping mandates, India's experience with monolithic bureaucracies that face no competition hasn't been good, either (See: UID Catch-22).

There are also some synergies between the two efforts. They can learn from each other during the massive multi-year organizational effort. The UID database can be used to audit the NPR database and vice versa. Eventually they may be combined.

It's easy to understand Home Minister Chidambaram's point of view. Unlike UID's Nandan Nilakeni, Chidambaram is a real government minister, with a big job and the power (and budget) that goes with it. It must be horribly inconvenient for a government minister to have to compete with India's most famous technology business titan especially when he gets to start from scratch and you have to steer an organizational culture you didn't create and have few mechanisms to change.

His best arguments for clipping Nilakeni's wings were always legal and procedural: UID wasn't created the right way; Parliament hadn't acted; etc. His tactics were counterproductive when he argued his case from a technical position because his technical criticisms (accuracy, fraud, etc.) consisted entirely of pointing out challenges inherent in any biometric project of this scale. They applied to UID and the NPR equally.

Hopefully this signals the end of the beginning of the creation of a key piece of 21st century Indian infrastructure.

If the two organizations can work together for the common good there will be plenty of credit to go around.

To which I would add that Indians can also benefit from a healthy rivalry between the two.

Thursday, January 26, 2012

The Con is Mightier than the Hack

Robert Siciliano wrtiting for Infosec Island makes a great point about security in:

Human Security is Weaker than IT Security
It's short and worth reading in its entirety. A taste:
Keep in mind that when you lock a door it can be unlocked, either with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face-to-face, with a cynical eye for a potential agenda.
This doesn't make the lock and key a bad technology. No security technology provides perfect security because all security technology is controlled by human beings; and if they were perfect, you wouldn't need security in the first place!

In the lock and key analogy, a hacker can pick a lock and a con man can convince someone to open the door for him.

Hackers work by applying specialized skills to exploit technology in a way that the user doesn't anticipate (or accepts a low perceived likelihood of exploitation). Con men apply specialized skills to people in a way that convinces an individual to act against his interest or the interests of those who trust him.

Random thoughts on the theme...

The most that security technology can ever aspire to do is to thwart hackers. Hackers hack technology, con men hack people.

The security technology of Troy (the wall) was never overcome, the Greeks had to opt for the con. It worked.

All security ultimately rests upon trust.

The purpose of security technology is to help minimize the number of people you must trust in order to control things or data.

Security technology can offer protection from some, or most, or almost all others but it can't protect one from oneself.

The number of people that must be trusted can never be reduced to less than one, and it usually can't be reduced to any number approaching one.

The purpose of all security technology is to force the thief to deal with a trusted individual.

The presence of social engineering, bribery, corruption, coercion, blackmail, threats and conspiracy may be evidence that adequate security technology is in place.

If one is constantly falling victim to the list above, technology isn't the problem, though it might help you figure out a way to trust fewer people, for a fee, of course.

Washington: Facial recognition could be applied to all driver's licenses

"State has a responsibility to make sure the identification it hands out is legitimate" (MyNorthwest.com)
Brian Wurts, a Lakewood Police officer, told the State House Transportation Committee on Wednesday that this program could really make an impact on identity theft.

"It is a very easy thing to do in this state to get an ID card or Washington state driver's license with fictitious information," he said.
Yesterday we had a post about New Jersey. Washington is another state that is applying facial recognition to audit its database of drivers license photos.

See also:
One woman, two faces (KREM.com)
The case of Eliza Bighetty is an example of the software at its best. She donned a wig and walked into a DOL office to apply for a driver license in the name of her deceased step-daughter. The scheme worked and for ten years Bighetty received social security benefits and food stamps.
I highly recommend this video from the above-linked article (there's a short ad at the beginning).

India: Turfs marked, ID war ends

The formula will be vetted by a cabinet panel on Friday (Hindustan Times)
A meeting chaired by Prime Minister Manmohan Singh on Wednesday came out with a formula to end the tug-of-war between the home ministry and the Nandan Nilekani-led UIDAI over collection of biometrics of more than 1 billion people in the country. It was decided to work out a mechanism to enable the Unique Identification Authority of India (UIDAI) and the home ministry’s National Population Register (NPR) to split the task of biometric enrollment.
It looks like the two sides have been ordered to stay out of each other's way as much as possible. How long they can do this is an open question.

India Biometrics Market to Grow at 42.4% Per Year

Press Release - Biometrics Market in India 2010 - 2014
TechNavio's analysts forecast the Biometrics market in India to grow at a CAGR of 42.4 percent over the period 2010–2014. One of the key factors contributing to this market growth is the implementation of biometrics in large-scale government projects. The Biometrics market in India has also been witnessing the increase in adoption of biometrics solutions in enterprises. However, lack of unified standards could pose a challenge to the growth of this market.

Wednesday, January 25, 2012

N.J. to Use Face-Recognition Technology to Scan License Photos for Fraud

Insurance Journal
Photos that are flagged as suspicious will be reviewed before that person can renew their license. MVC inspectors will examine whether the person has a twin or is a married woman who changed her name.

See also:
Multiple ID's But Only One Face
How DMV Face Rec Can Prevent Identity Theft
New Jersey: 40 Arrested in Drivers License Conspiracy

Face Recognition in the Nose-Job Era

Software could spot face-changing criminals (New Scientist)
Aggarwal was inspired by a facial-recognition technique called sparse representation, which matches an image of a face by comparing it with combinations of individual features from faces already recorded in a database. If the closest matching combination turns out to be made up of features mostly drawn from one person in the database, it is a good bet to say the target image is also of that person. But if the best match combines features pulled from images of many different people then the system has failed to identify the new face.
This interesting technique for face recognition doesn't really do face recognition at all. It does left eye recognition, right eye recognition, nose recognition and mouth recognition, and then it sees if the top results of each query belong on the same face. That's an impressive leap of imagination.

If you're sole interest is in thwarting facial recognition systems, you may consider trying out some of the pointers at cvdazzle.com before rhinoplasty because in terms of facial recognition, expense, reversibility and pain:

Images: CVDazzle & Wikipedia

via @HodgeBarry & WSJ

Biometric Identity and Freight Shipping Crews

I had no idea that a quarter of the of the world's ocean-going labor force is Filipino.

Philippines Ratifies Convention 185 This Week (Handy Shipping Guide)
This now means that Filipino seamen, who represent around 25% of the labour force on merchant and other shipping ranging from general cargo and bulk freight vessels to tugboats and passenger liners, will now carry biometric identification designed to eliminate fraud and identity theft and ensure fair treatment of crews.
There's also a security angle, obviously.

UID allowed to collect biometrics for all Indians [UPDATE: Nandan Nilekani's battle for biometrics ends with compromise]

UPDATE III (The other two are at the bottom):

IDTV has walked back their coverage at the page (linked below).
The headline now reads: "Nandan Nilekani's battle for biometrics ends with compromise" and states essentially that UID and NPR will continue in parallel with as little duplication as possible.

The original headline for the article was "UID allowed to collect biometrics for all Indians," which is still in the article's URL: http://www.ndtv.com/article/india/nilekani-allowed-to-collect-biometrics-for-all-indians-170411. [Original post follows].

NDTV.com is reporting that the Unique Identity (UID) Project will be allowed to extend its services to all Indians.
Nandan Nilekani has just scored 15,000 crores and the right to collect the biometrics for all Indians.  An informal meet chaired by Prime Minister Manmohan Singh today green-lit Mr Nilkani's request to continue collecting biometrics. The proposal had been opposed by the Home Ministry headed by P Chidambram.
The meeting is reported to be informal, so I guess it's possible UID will receive shocking news before a formal announcement, but once the Home Ministry started making noises about how they were totally cool with UID, things certainly appeared to be moving this way.

This bit of news was predicted by the Times of India here and discussed here yesterday in UID: Home Ministry Climb-down.

UPDATE: The Deccan Herald is reporting that the formal meeting will take place "next week."
The fate of Nandan Nilekani led Unique Identification (UID) project will be decided by the Cabinet Committee on Unique Identification (CCUID) next week.

The panel headed by Prime Minister Manmohan Singh is expected to sort out differences between the Union Home Ministry and the Planning Commission over collection of data.

The meeting, to be attended by Finance Minister Pranab Mukherjee, Home Minister P Chidambaram, Planning Commission Chairman Montek Ahluwalia and UIDAI chairman Nandan Nilekani, will also discuss some of the contentious issues of the project including duplication of National Population Registry (NPR) and UID, expenses, and enrollment of citizens for Aadhaar numbers.
UPDATE II: MSN India sees it differently.

Tuesday, January 24, 2012

UID: Home Ministry Climb-down

In today's episode of "All UID, All the Time," India's Home Minister Chidambaram announces that "There were media reports about conflict between the home ministry and the UIDAI, but they are not true," and “There is no clash between Adhaar and the smart card issued by the Home Ministry.”

[You may take a moment to retrieve your monocle.]

It looks like Chidambaram was either told in no uncertain terms to start playing nice, or was tipped off ahead of Wednesday's cabinet meeting that UID was going ahead and he figured out which way the wind was blowing on his own (See: Govt likely to extend UIDAI’s ambit). The Home Ministry is now "examining how best to include the Adhaar number into the [Home Ministry's] smart card, which will make the smart card even more feature rich." This is a good thing.

While it is inherently inefficient to have two government bureaucracies with broadly overlapping mandates, India's experience with monolithic bureaucracies that face no competition hasn't been good, either (See: UID Catch-22).

There are also some synergies between the two efforts. They can learn from each other during the massive multi-year organizational effort. The UID database can be used to audit the NPR database and vice versa. Eventually they may be combined.

It's easy to understand Home Minister Chidambaram's point of view. Unlike UID's Nandan Nilakeni, Chidambaram is a real government minister, with a big job and the power (and budget) that goes with it. It must be horribly inconvenient for a government minister to have to compete with India's most famous technology business titan especially when he gets to start from scratch and you have to steer an organizational culture you didn't create and have few mechanisms to change.

His best arguments for clipping Nilakeni's wings were always legal and procedural: UID wasn't created the right way; Parliament hadn't acted; etc. His tactics were counterproductive when he argued his case from a technical position because his technical criticisms (accuracy, fraud, etc.) consisted entirely of pointing out challenges inherent in any biometric project of this scale. They applied to UID and the NPR equally.

Hopefully this signals the end of the beginning of the creation of a key piece of 21st century Indian infrastructure.

If the two organizations can work together for the common good there will be plenty of credit to go around.

Biometric Applications on Android Tablets

You're going to start seeing a lot more of this, and not just with biometrics.

Android platform adapted for biometrics (UPI)
"EB's platform is cost-effective and allows fast turnaround, which helps government agencies stay current with their handheld devices. Rather than developing small batches of high-cost, highly specialized product, EB's platform allows us to integrate low-cost modular attachments to meet the needs of specific agencies, while simultaneously producing high volumes of core products at substantially lower cost per unit."

The combination of technologies would allow a broad range of stand-along and network-connected biometric applications for U.S. government agencies, the companies said.
A couple of points:
♦ Right now, Android is the only viable option for this type of product development.
♦ The diversity of mobile hardware running Android is really impressive, and amazingly inexpensive.

See Also: Motorola Atrix 2 Has No Fingerprint Reader. Motorola designed and (briefly) sold an Android device with an on-board fingerprint reader.

In other Atrix news: Motorola Mobility Announces Availability of Motorola ATRIX in Turkey.

Monday, January 23, 2012

Visa-free Travel: Kosovo Tries to Catch Up with the Rest of Europe

Kosovo Buckles down to Become Visa-Free (Turkish Weekly)

Kosovo is a newly-independent nation that is still putting down roots in the international system.
"Kosovo should address challenges in the border control sector, inter-state organized crime, repatriation and reaching technical and technological standards in the administrative system. But also improving of the political image and [improving] the economic situation of the country," Agron Bajrami, Kosovo columnist, editor-in-chief of daily Koha Ditore told SETimes.

"These are probably the biggest challenges because these are real and deep problems which have not been addressed -- they are also the stain that burdens Kosovo's name in almost every quarter of the world. [Dealing with these issues] will go beyond the time frames and political frames of visa liberalization."
The two "man on the street" quotes at the end of the article are also very interesting.

Malaysia: Biometrics to Enhance Electoral Integrity

While India's getting all the headlines, Malaysia is making great progress in using biometrics to enhance electoral integrity.

Malaysia's biometric voting system ready (Asia One)

Creating a clean electoral roll (The Star)

The articles both make a big deal out of something every biometric electoral system must do, ensure against multiple registrations, but it's nice to see deduplication get the attention it deserves.

India UID Round-up

Since Nandan Nilekani began mounting a serious defense of the UID project, India has been pretty much dominating the biometrics news.

Here's a roundup:

Biometric for Aadhar Rs10 more than NPR (Hindustan Times)

UIDAI dismisses doubts over accuracy of unique ID system (IBN Live India) - with a rare mention of the mathematics involved in deduplication.

Excellent Video: Truth vs Hype: Who is afraid of Unique ID? (NDTV.com)

Full transcript of a longer Interview of Nandan Nilekani on UID project, Aadhaar (NDTV.com)  This interview is conducted by Sreenivasan Jain, the journalist in the video above.

Short News Piece: Nandan Nilekani and the biometrics battle (video) (NDTV.com) 

War on UID: Who will win? (MSN - India)

India faces identity crisis (Asia Times)

Friday, January 20, 2012

Biometrics Help Discover Another Sex Offender Illegally Entering the United States

Agents halt U.S. entry to sex offender (Alamogordo Daily News)
The system positively identified Lemus. The system also revealed Lemus' prior convictions for sex offense against a child-fondling conduct on a 16-year-old child, cruelty to a child, child abuse resulting in no great bodily harm and contributing to the delinquency of a minor.

findBIOMETRICS 2011 Year in Review

findBIOMETRICS has published its year end review containing insights and perspective from biometrics industry leaders.

Question 1 - In your view, what have been the three most significant milestones/announcements for the identification/Biometric Industry this year? [PDF]

Question 2 - What are the most pressing issues facing the Biometric Industry as we move into 2012? [PDF]

Question 3 - Was 2011 a good year for your company/organization/department and what were some of the highlights? What will 2012 hold for your company/organization/department? [PDF]

The people at findBIOMETRICS consistently do an excellent job of covering the biometrics industry from an insider's perspective.

Thursday, January 19, 2012

Using Face Recognition to Monitor Queues and Passenger Flows in Airports

New Post From the Allevate Blog...
Understanding your peak and quiet times is essential to enable sufficient and efficient staffing and resourcing. Raising of alerts when unforeseen queues arise is critical for ensuring passenger satisfaction, as well as for ensuring that all SLAs with other stakeholders, such as airlines or government agencies, are adhered to.
Using CCTV integrated with face recognition biometrics enables a solution that timestamps when individuals are detected at known camera locations, thereby providing highly accurate information on passenger flow information, such as average and peak queue times [...]
This kind of deployment is right in SecurLinx' wheelhouse.

Biometrics and Biostatistics Revisited

[UPDATE: An uptick in recent articles like this one made me want to revisit this post. A quote from the article:
Ford showed off a prototype of this future health system, developed by BlueMetal Architects, at CES. The system will be able to capture biometric data from devices such as pacemakers and glucose monitors, and will also be able to accept voice input from the driver [emph. mine].
Maybe the term "biometrics" has a marketing cachet that "biostatistics" lacks; maybe for reasons of economy, journalists prefer to save ink, pixels, space and keystrokes. Whatever the reason, "biometrics" is a term that gets applied to every new application where technology is used to monitor or measure some aspect of the human body, its condition, motion or position. In being used to describe so many different things, "biometrics" has lost a great deal of precision of meaning.

DARPA has come up with another set of applications that some will be tempted to call biometrics (though DARPA doesn't call them that). DARPA is interested in collecting behavior metrics they call “cognitive fingerprints” or “human secrets” in order to develop an identity assurance model that relies on constant monitoring of an individual's unique behaviors while interacting with computer hardware.


Acta exteriora indicant interiora secreta; External actions indicate internal secrets

...maybe "actametrics" is a decent term for what DARPA's up to.

But you can see why (over)use of the term "biometrics" is so tempting. In this case, “cognitive fingerprint” and "human secret" is even more confusing than overusing "biometrics," and the folks at DARPA are geniuses that probably know their Latin scientific terms very well.

The original post, with minor edits, follows...]

We've danced around this topic a couple of times in the past (see links at the end of this post).

Biometrics and Biostatistics, the difference is subtle.

Biometric = body measure.
Biostatistic = body status, state, or condition.

[I'm no Latin scholar so I don't want to go to the mat for these definitions, but keeping them in mind helps me make sense of things when I read about all the uses for "biometrics" in health care and the health insurance industry. If there are any Latin (language) scholars out there who have interest and insight into this question, I'd love to hear from them.]

Biometrics for identity management concern facts about the physical human body that don't change (or don't change much) over time.

Biostatistics, on the other hand, are useful precisely because they change, sometimes radically over short or long time-frames.

Health care uses both biometrics and biostatistics. Health care providers use biometrics such as fingerprint and iris scanners for patient records management and logical and physical access control. They use biostatistics such as heart rate, weight, and EEG's, etc. for diagnostics, monitoring progress and assessing outcomes.

The Security sector is also seeking ways to use quantitative biostatistics to achieve better outcomes. I added the "quantitative" modifier because in many ways human beings have used non-quantified biostatistics (observations of behavior, for example) for security purposes since, well, forever. For example, we all know what someone means when they say that someone else was "acting suspiciously" or "looked guilty".

The computerized, measurement of biostatistics for security purposes, is at least as old as lie detectors. The novelty described by the article linked below is in bringing lie detectors out of the rigorously controlled laboratory environment and into more chaotic situations.

Face-reading lie detectors to be tested at UK airports (Airport-Technology.com)
The dual cameras in the system observe changes in facial expression and blood flow, with the first camera spotting signs of deceit such as lip-biting, nose-wrinkling, blinking and Freudian slips, and the second thermal imaging camera measuring flushing and blood-flow patterns around the eyes.

See also:
Behavioral Biometrics or Public Lie Detectors?
Mal-intent may be the future of security

Wednesday, January 18, 2012

UID Catch-22

Delivery delays hit UID numbers (Hindustan Times)

♦ India's bureaucracies aren't able to serve the needs of Indians because of an accountability black hole.

♦ A more rigorous ID scheme will increase accountability and deliver better results to citizens.

♦ Implementing the ID scheme depends on the bureaucracies (see statement 1).

Thankfully, the last statement isn't quite true. If true, it dooms the UID project on the bases of both bureaucratic will and ability. There must be many bureaucrats invested in the status quo that would love to see the UID project fail, and the UID load will be difficult for some bureaucracies to bear.

If you didn't click through yet, the above-linked article informs readers that the post office is currently falling short on its responsibility to print and deliver UID numbers. It is meeting only fifteen percent of the daily demand for its services, so it's not so much falling short as utterly failing.

But if the post office was a model of efficiency, might that call into question the whole reason for UID in the first place?

From the article...
To end the delay, the UIDAI has decided that another government body, Telecommunications Consultants India Limited (TCIL) will print Aadhaar letters and supply it to postal department for mailing them to residents.

“TCIL will be printing minimum of about seven to 10 lakh [ed. 700,000 to 1 million!] Aadhaar cards in a day,” a UIDAI official said. In addition to their Mumbai facility, TCIL would be setting up two more printing units to meet the demand.

The UIDAI will also be providing an alternative platform to receive Aadhaar letters --- download from its website within month of enrolment.
And there's the way out of the catch-22. Create competition for the post office. I suspect that none of these contingency plans were made up on the fly*. UIDAI knew it would have to use the post office and knew it would fail. There probably isn't a private entity in India that can displace the post office entirely, but competition among government entities is better than no competition at all and UID is also entering that competition directly by communicating numbers directly to individuals who have access to the internet.

In the final accounting, UID is not about biometrics at all. Biometrics is a means to better ID management. Better ID management is a means to bring greater transparency and accountability to nearly every aspect of how the government goes about its allocated tasks. Is it any wonder it has so many enemies?

Identity management is about people; the challenges of UID are and will be as much managerial as technical.

*Just having the right technology is not sufficient to roll out a project on this scale. “What we need to do is create an appropriate ecosystem,” said Nilekani. In short, getting the incentives right for all those involved in the project."

See also:
The epic marketing challenge for UID
India: Is UID Under Siege?

Fingerprints for Blood Donor ID Management

New Bio-Key Technology for Blood Donors (KXII.com - Oklahoma)

The article talks mostly about efficiency — improved identification in less time — but I imagine there at least some safety gain, as well.
Oklahoma Blood Institute has found an easier way to keep track of blood donors using advanced technology. OBI now uses Bio-key technology which provides a donor biometric fingerprint identification. In order to give blood, soon all donors will need is their finger to check in.

Tuesday OBI hosted a blood drive at WinStar Casino in Thackerville and employees were the first to enroll in the new Bio-key system.

"The efficiency of it all is worth any of the initial trouble of going through the biometric screening process it's all really easy, and as forgetful as am I need all the help I can get in keeping track of that stuff so it helps immensely" said WinStar poker room manager, Jay Wiles.

Tuesday, January 17, 2012

Word of the Day: Prosopagnosia or "face blindness"

Prosopagnosia or "face blindness" - a condition where some people find it difficult to recognise faces, including their own.

I was certain I had posted this short BBC video on Prosopagnosia when this article came out last October, but I couldn't find it.

Art, Science, Security & Technology Converge at the London Science Museum

London's Science Museum to scan visitors' faces in 3D (BBC)
The Me in 3D stand at the museum uses a series of cameras to build a virtual image visitors can then view and manipulate.

Data from participants will be used by Great Ormond Street Hospital, University College Hospital and Eastman Dental Hospital and Institute to provide better treatment and surgery for patients with disfigurements and congenital conditions.
While the BBC article stresses the research as a means of developing a large research database to advance the general state of the plastic surgeon's art, individuals can use this technology to record and store their own faces for reference in the unfortunate event that they later require reconstructive surgery.

The article also reminds the reader of another recent exhibit at the London Science Museum that have dealt with facial recognition
The new project follows another based at the museum which involved getting visitors to take part in real scientific research.

The Familiar Faces study, involving scientists from the University of East London, consisted of a series of simple tests to assess the facial recognition abilities of members of the public.

h/t @m2sys

'UID is game changer, put it back on track'

More pro-UID Opinion in the Indian Press (The Times of India)
Is India willing to believe that technology-led solutions can enhance governance and transparency in the country? Should good be given away for the sake of perfection?
The UID project in all its details went through interministerial scrutiny and was cleared by the Cabinet. It was supported by states, irrespective of political affiliations. If the concerns are on project costs, then the one-time cost of implementation of this project would be a fraction of the money lost through leakages in our social schemes, apart from the multifold improvement in efficacy. It will be leveraged by the Centre, state and local governments as well as the private sector. We must not forget the mandate of UID is of a developmental project and should not be burdened with issues of security, terrorism, illegal immigration etc.
This short article has it all: Privacy, Corruption, Development, Politics and ROI.

It also echos thoughts I expressed regarding criticism of India's UID this past October in Perfect is the Enemy of Good.

h/t @francesIDexpert

More on the Awesomeness of Passwords

Yesterday, we posted Why Passwords Are Great.

Today, the WSJ tech blog which takes the subject further.

Why Password Security Lives On (Wall Street Journal)

The WSJ post also links to the research paper (PDF) that spawned the recent, nuanced, views of what the password as an ID management technology has going for it, which is plenty. Any technology that is as ubiquitous as the password while also being as irksome, is performing a valuable service at a tolerable price.
Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats.
The part about them being essentially free requires qualification (which the authors offer), but that's a pretty impressive list.

But this is a biometrics blog. Biometrics don't need to supplant the password altogether. For the moment they can't at a tolerable cost. But here are two (there are more) instances where biometrics can and should be used to limit the risks organizations expose themselves to by over-reliance upon passwords.

♦ Databases of customer information should be biometrically protected. Protecting individual accounts with passwords is fine, but at a certain size, all databases of user/customer information should be protected with biometrics.

♦ Biometrics can also be used to overcome some of the limitations of passwords. In one sense, they can allow for more complex passwords that change more frequently and are hence more secure (i.e. fingerprint sensor on a laptop). They can also be used to return the simplicity of the PIN in use models where ease of memorization is important.

Monday, January 16, 2012

India UID: Counting the billions

India starts to empower its people (The Independent, UK)
Shambhu Sharma had arrived with nothing that could prove who he was. He had no passport, no ration book, no voter identity card or anything similar. Four years ago, he said, he was pick-pocketed and everything was taken. As India goes about trying to provide a unique identity number to each of its citizens, it is people like Mr Sharma who provide officials with some of the most testing challenges. The government's scheme accepts 17 separate forms of photo identification and 32 as proof of address, but sometimes there are individuals such as Mr Sharma who genuinely have nothing.

"It creates many problems for me. I cannot open a bank account, or buy rail tickets or a gas cylinder connection. It means I have to get one on the black market," sighed Mr Sharma, who works for an non-governmental organisation. "I cannot even buy a Sim card."
This article and the Economist interview may point toward an increased interest in confronting the anti-UID narrative that has been getting a lot of attention lately.

Other recent posts on the subject:
India: How Much Fraud is Acceptable in NPR, UID
India: Lawyer Sanjay Parikh Unconvincingly Urges Biometric System Boycott

h/t @m2sys

UID: Only a Billion to Go

The Economist: Asia editor and South Asia bureau chief discuss India's efforts to use biometrics in distributing public resources
...much more efficient and much more streamlined than you would find, not only in the Indian civil service, which is famous for its buraeucracy and its slowness, but I think more efficient than you would find almost anywhere else on the planet.
To roll out the enrollments of a population the size of Brazil in a single year counts as quite an amzing feat, and to do that for less than half a billion dollars over five years counts as a tremendous success.
I wish I could embed the audio here, but I can't.

If you have followed the UID project in India, I highly recommend the interview (audio, 13 min. 43 sec.) which discusses the scale and organization of the effort as well as some of the motives of those who oppose the project.

h/t @m2sys

Why Passwords are Great

The first article below is a really good discussion about passwords and why they might be with us for a while. Still, it acknowledges that the password as a security technology is clunky in some of the applications in which it serves.

The second article sheds light on why the password is still ubiquitous and hasn't even been displaced in applications where its displacement is clearly desirable. No biometric scanning device exists that has web-enabled communication and control based on a publicly available specification. Passwords don't suffer from this complication.

A couple of Experts: We're stuck with passwords (Channel Register)
They argue researchers need to revisit the subject of how to get passwords to work efficiently rather than assuming the approach is about to be written off as hopelessly flawed and unfixable. Passwords are here to stay, even though they certainly not appropriate in all cases, because "no other single technology matches their combination of cost, immediacy and convenience that many scenarios require". The researchers are, however, careful to note that there are many cases where passwords are not the best-fit.

"Passwords have proved themselves a worthy opponent: all who have attempted to replace them have failed," the two boffins conclude. "It is fair to say that little progress has been made in the last 20 years: usability has degraded significantly, while security has not improved. The reasons, we suggest, are widespread confusion about why we are trying to replace them, what is required of a replacement, and what improvement is expected once they are replaced."
NIST wants small form-factor, tamper-resistant and handheld fingerprint sensor (Bank Info Security)
The goal of this initiative, for which NIST will provide funding, is to produce a fully functional, handheld device that's capable of biometric acquisition, and controlled through web services as specified in NIST Special Publication 500-288: Specification for WS-Biometric Devices.

NIST recognizes the ubiquity of the Internet and its impact on commerce - the agency, after all, is part of the U.S. Commerce Department - and the need for tools that can assure safe online transactions.
Those of strong constitution might consider clicking here for the NIST Solicitation (PDF), though I cannot recommend it.

ADVICE TO THE FOOLHARDY: You went ahead and clicked it anyway, didn't you?

Now, you're nine pages in and wondering, "What the heck is The Trust Territory of the Pacific Islands?"

You're now only 15 pages from the part about Research Projects Involving Vertebrate Animals.

From there, it's only a short 5-page dash to the good stuff which starts on page 39 of 62 in Section 9.0: RESEARCH TOPIC AREAS.

Welcome to flavor country.

Friday, January 13, 2012

Homeland Security Dept. 2012 Procurement Priorities Include Biometric Tech.

2012 Procurement Priorities: Mixing And Matching (HSToday.us)
Seeking to maximize its procurement dollars, DHS will pursue some technologies that have applications across multiple program areas, said David Gerritz, defense and homeland security analyst at Deltek Inc., Herndon, Va. For example, DHS agencies will continue to increase their investments in biometric applications that verify the identity of individuals through fingerprints or photographs.

Investment in biometrics supports initiatives in border security and immigration, as well as specific programs such as trusted traveler programs and Homeland Security Presidential Directive 12. As such, biometrics and credentialing will see a big push in 2012, Gerritz told Homeland Security Today.
To summarize: biometric identity management technologies offer increased efficiency and a substantial return on investment over many different Homeland Security business units.

HSToday.us also has a landing page devoted to Biometrics & ID Management.

Biometrics & Standardized Tests

Graduate Management News: Five Questions on GMAT Test Security for Dan Eyob (GMAC.com)

Dan Eyob is GMAC’s director of GMAT test security and his interview with the GMAC corporate newsletter is a tight exposition of the proper way to think about security, starting with a firm understanding of what it is you're trying to secure. In GMAC's case, it's integrity — integrity of the test itself and integrity of the test's ability to predict a certain type of academic success.

ID management, as it is for all credentialing organizations, is a big part of ensuring the integrity of the GMAT.
Q: What does GMAC do at test centers to prevent cheating?

A: We have a strict check-in protocol at all test centers and apply state-of-the-art technologies to support this protocol.
♦ Each test taker has to bring a valid government-issued photo ID with them. Passports may be checked electronically to ensure that they are not forged.

♦ Test takers must sit for a digital photograph, which may be included in the Official Score Report if requested by the school. All test takers have to provide a palm vein scan before entering or leaving the testing room. The palm vein reader makes an encrypted, digital record of each test taker’s unique palm vein pattern.

♦ Test takers must provide a digital signature agreeing that they have not accessed test content and will not divulge it to anyone else.

♦ Test takers are not allowed to take anything with them into the testing room, including electronic devices such as mobile phones, calculators, or watches. Erasable noteboards and markers are provided by a test proctor and must be returned after the test.

♦ Test administration is monitored in person by a test proctor and is videotaped for subsequent review, if necessary.
See also: New York: Seven Arrested For Alleged SAT Cheating Ring UPDATE: SAT, Biometrics & ROI
and Privacy commissioner seeks to block finger-printing of Canadian med-school applicants

The med-school post gets at some issues of ID management, standardized tests and public safety that aren't as readily apparent in the business school case.

The other questions answered by Mr. Eyob at GMAC's site are:

What is GMAC’s philosophy on GMAT security?
What investments does GMAC make in security?
What does GMAC do when it discovers evidence of cheating?
What is GMAC doing to keep a step ahead of cheaters?

h/t Stacy Blackman and U.S. News & World Report

Thursday, January 12, 2012

90% of passports deployed include biometric features

Border control automation challenged by complex interoperability issues (ThirdFactor)
It is widely acknowledged that the automation of border controls will promote the efficient management of international boundaries, BUT ONLY IF industry and government authorities urgently collaborate to create an end-to-end trusted solution that delivers global interoperability. This has to be based on sufficient standards, supported by certification schemes to validate that products are abiding to the framework.
Biometric technologies are rapidly advancing toward 100% penetration of the passport market. Also, a passport is a document that serves a transaction (or as a form of communication) between sovereign entities. Both sovereign entities must agree on the terms of the transaction from positions of equal status. The high adoption rate of biometrics in passports as well as the exclusive prerogatives of nation states makes interoperability a more pressing concern in travel documents than in other types of ID transaction.

In other words: Interoperability is way more interesting in the passport world than with other forms of ID. Who cares if you can't use use your Kroger loyalty card at Ralph's?

UPDATE: Lot's of people, it turns out.

UPDATE II: Of course, there's an app for that. It doesn't make them interoperable but it helps people cope with the fact that they aren't.

Agents use Biometrics to halt sex offender entry into U.S.

Las Cruces Sun-News
The subject is identified as Luis Rene Lemus, 45, a Cuban national.

Lemus' biographical and biometric information were entered into the Integrated Automated Identification System. The system positively identified Lemus. The system also revealed Lemus' prior convictions for sex offense against a child-fondling conduct on a 16-year-old child, cruelty to a child, child abuse resulting in no great bodily harm and contributing to the delinquency of a minor.

Ghana Gears Up for Biometric Voter Registration

Compilation of Biometric Register Begins March 24 (Ghana Web)
It is now certain that the compilation of biometric voters’ register by the Electoral Commission (EC) will be conducted from March 24 to May 12, 2012.

The nation-wide registration exercise which will last seven weeks will take place at over 6,000 centres involving over 45,000 officials.

As part of the technical preparation for the exercise, EC will, between January 17 and February 15, 2012, take delivery of 7,000 biometric registration kits and back-up materials which will be delivered in five batches.

UPDATE: The Electoral Commission has denied media reports that the biometric registration exercise will begin on 24th March. The EC said the exercise will start by the close of the first quarter.

Wednesday, January 11, 2012

United States: ID Technology & the Bill of Rights

The Fifth Amendment in the Digital Age (ZDNet - Identity Matters Blog)
Basically, if the password is a physical thing she has, than the Fifth Amendment does not protect it. But if the password is deemed to be something the defendant knows, it is protected.
To illustrate the principle, the Supreme Court has previously explained that a witness might be “forced to surrender a key to a strongbox containing incriminating documents,” but not “compelled to reveal the combination to a wall safe.”
As the post points out, biometric technologies complicate this further.

The Fifth Amendment guaranty that "No person shall... be compelled in any criminal case to be a witness against himself," applies (outside the military) to those who have already been indicted by a grand jury, are standing trial, and are being asked to assist in their prosecution. The example above doesn't seem to prevent the police from hiring a locksmith to open the wall safe; it merely prevents the police from compelling the accused to help them.

The Fourth Amendment is much more relevant to privacy in the ordinary sense.

The Fourth Amendment guarantees that:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

"Warrantless mobile device searches" (Google search) are a much hotter digital age privacy issue.

Biometric Information Sharing and the Five Country Conference

[UPDATE: Paid subscription required to view older articles]
Biometrics programs prompt privacy concerns (Embassy.ca) 

The linked article contains a wealth of information on the mechanics of how Canada, the United States, United Kingdom, Australia, and New Zealand (the Five Country Conference) have agreed to share biometric information on people seeking entrance into the named countries.
A third party did a privacy impact assessment of the sharing protocol in 2009 with recommendations to mitigate privacy risks, to which all government agencies involved agreed and began implementing. Canada is working with its Five Country Conference partners to ensure privacy by, for instance, making sure all fingerprints are anonymously shared and can't be linked to a person unless a match is made, destroying fingerprints once a search is done, and exchanging more information only after a match is made.

They use encryption and security tools to protect files shared electronically. Everything passes through a secure central server in Australia.

Canada knows information shared between countries is being kept secure because they've each signed memoranda of understanding with each other governing how the information is to be managed, said Ms. Caron.

Tuesday, January 10, 2012

St Kitts and Nevis has begun issuing biometric passports

Biometric Passports for St Kitts and Nevis (Caribbean Journal)
“The new document to be issued by the Government of St Kitts and Nevis is more secured and and designed with specific imbedded features intended to enhance the integrity of the new E-Passport and will facilitate more seamless travel by citizens and residents of the Federation,” the Ministry said in a statement.

Neurotechnology Biometric technologies for Android

Three SDK's: Face, Finger & Both (Help Net Security via @Allevate)
Neurotechnology announced their new line of embedded biometric technologies, including VeriFinger Embedded SDK for fingerprint biometrics, VeriLook Embedded SDK for face biometrics and MegaMatcher Embedded SDK for multi-biometric systems using face and fingerprints in combination.

The embedded versions are designed for use in low-power, compact and/or mobile devices such as smartphones, tablets, handheld computers and other embedded devices.
This is good news and potentially much bigger news than Apple's much discussed facial recognition patent filing.

Monday, January 9, 2012

Head of the Israel Biometric Database: It is Safe

The attempt to link the credit card information leakage from shopping and coupon websites with a low and unsupervised security level to the biometric database is, at best, lack of knowledge of reality and facts,” Kamni said, adding that the biometric database is the only database that can ensure Israelis peace of mind and confidence that their identity will not be stolen.

Innovations for Successful Societies: Liberia, Civil Service & Biometrics

Cleaning the Civil Service Payroll: Post-Conflict Liberia, 2008-2011 (Princeton.edu)
William C. Allen, director general of the Civil Service Agency (CSA), reflected on his time as minister of information in Liberia’s transitional government from 2003 to 2005.

“On any given day I would come into the office, I would see about 60 persons,” he recalled. “I was in my office one day and I heard this noise and a drove of people in the hallway.

I said, ‘What is going on?’

They said, ‘Today is payday.’

I went out there and I tell you I saw faces and people that I had never seen in my life. They had occupied the entire stairwell. I said, ‘Gee, if I had all these people working every day at least I could do something for this country.’ So right there I knew I had a problem.”
Jonathan Friedman has put together a superbly-written and detailed narrative on the use of biometrics to foster efficient civil service by weeding out ghost workers. The quality of the writing shines through. The level of detail doesn't overwhelm this story of innovation which Mr. Friedman tells in a compelling way,.

Download full PDF here
(10 pages).

SecurLinx Announces Reorganization

Press Release:
Morgantown, West Virginia
January 09, 2012

SecurLinx Corporation, a Delaware corporation located in Morgantown, W.Va., announced today that it has completed its reorganization with SecurLinx Holding Corporation (FRA:S8X) of Toronto, Canada. Under the terms of the reorganization agreement, SecurLinx Corporation became a wholly owned subsidiary of the Canadian parent company. The parent company has been accepted for listing by the Frankfurt Stock Exchange with the trading symbol S8X.

“By completing this reorganization with our Canadian parent, we will have access to capital and the ability to use their liquidity to aggressively pursue growth both organically and through acquisition,” stated Barry Hodge, CEO of SecurLinx Corporation. “This will allow us to take advantage of the near term opportunities in the emerging biometrics market place to expand our footprint. We expect this structure to provide significant benefit to our customers and shareholders.”

Under the terms of the reorganization agreement, existing SecurLinx Corporation shareholders received 1.42 shares of SecurLinx Holding Corporation stock in exchange for each share of their SecurLinx Corporation stock. The remainder of the SecurLinx Holding Corporation shares will be sold in the initial offering to fund the company’s business plans. Hodge will become the CEO and Chairman of SecurLinx Holding Corporation.

Hodge further stated, “Deployment of biometric software applications is expanding exponentially around the world. Our goal is to position our company at the forefront of this trend and participate in opportunities both domestically and internationally.”

About SecurLinx Corporation

Located in Morgantown, West Virginia, SecurLinx Corporation is an advanced technology and software development company. The company offers middleware products and systems applied to information sharing, secure access, surveillance, and biometric identification. Our products serve government, law enforcement, and the security industry.

About SecurLinx Holding Corporation (FRA:S8X)

Located in Carlisle, Ontario, Canada, the company was incorporated as 1800987 Ontario, Inc. July 13, 2009. To facilitate the reorganization, the company changed its name to SecurLinx Holding Corporation on June 16, 2011.

# # #

(304) 284-5020

Friday, January 6, 2012

Biometric Technologies, Wildlife Conservation and Your Business

Part of the Wired (UK) series: 25 big ideas for 2012: Connected conservation
Now researchers at the Fraunhofer Institute in Munich have developed a system that can rapidly process images of great apes in order to recognise them more quickly in the wild. The program isolates individual faces and captures their biometric data.
As Fraunhofer researcher Alexander Loos says: "These new technologies mean that human resources can be allocated to more complex tasks than filling out checklists."
This short chapter in the larger Wired series touches upon two key aspects of the biometrics value proposition: ID management and Increased Productivity.

Facial recognition can help transform a task that humans find difficult into a task that we're actually quite good at [see: (Facial Recognition vs Human) & (Facial Recognition + Human)].

In this primate case, facial recognition likely helps researchers become familiar with individuals more quickly and prevents some misidentifications from occurring.

The last quote above is a perfect illustration of the productivity gains that biometric systems can help deliver. Many highly skilled people spend a lot of their time doing identity management tasks that they don't find particularly interesting and that can be done more quickly and effectively with the assistance of better technology. Examples include teachers taking classroom attendance and retail managers shuffling time cards.

If primate researchers in the middle of a jungle have improved their accuracy and efficiency using better identity management technology, your business probably can, too.

Thursday, January 5, 2012

Passports with fingerprints to undergo pre-launch trials in Russia in 2012

Two other experimental e-documents will be issued in 2012 (interfax.com)
Romodanovsky said at a news conference at Interfax in June 2011 that, "the introduction of passports with fingerprints will accelerate interaction with the European Union on the visa-free track."

The FMS currently issues two types of passports - the old five-year passports and the new ten-year e-passports, which are thicker and have more pages. Old passports are less expensive and the sum charged for making them is smaller. Currently, the photograph is the only biometric element in biometric passports in Russia.

New Zealand Passport checks find surge in fakes

Biometric matching has already led to one conviction (The New Zealand Herald)
In a bid to "cleanse" the database before online renewal begins, 4.5 million passport photos were matched against each other by facial recognition technology - a total of 21 trillion biometric checks.

Of those, 210,000 possible matches had to be checked by human eyes and most were discovered to be clerical or imaging errors or identical twins.

But the checks found 47 false passports.
47 might not seem like that many but New Zealand isn't a huge country.

When I looked it up to see how many Kiwis there are I found this government estimate of 4,434,186, which leads me to assume that there was more than one photo per passport holder because there were more photos analysed (4.5 million) than New Zealand has citizens.

Ghana trims 34,000 ghosts from pension payroll

34,000 ghost names removed from pensioners' payroll (Modern Ghana)
In an interview with the Daily Graphic, the Minister of MoFEP, Dr Kwabena Duffuor, stated that the initiative would contribute significantly to minimising payroll fraud and facilitate the cutting down substantially of public expenditure on emoluments.

The government projects to spend close to GH¢6 billion on the wage bill of public sector employees and pensioners in 2012.

But the minister was optimistic that by the time the entire project was completed in June, the nation would have saved close to GH¢1.5 billion.
The project, so far, has processed 54,544 out of the 88,467 pensioners it covers. If one assumes ghosts tend to stand toward the back of the enrollment line, the percentage of ghost pensioners will increase from its current 38%.

Wednesday, January 4, 2012

Privacy, Facial Recognition & the U.S. Federal Trade Commission

Amanda Koulousias, attorney at the United States Federal Trade Commission Division of Privacy and Identity Protection, discusses the FTC's latest efforts to understand the diverse uses of facial recognition and facial detection technology.

Federal News Radio text article

Audio (approx. 7 min.)

See also: FTC Seeks Public Comments on Facial Recognition Technology (FTC.gov)

The FTC is seeking public comments on the issues raised at the December 8, 2011, public workshop, "Face Facts: A Forum on Facial Recognition Technology," which focused on current and future commercial applications of facial detection and recognition technologies, and explored an array of current uses of these technologies, possible future uses and benefits, and potential privacy and security concerns.

The Federal Trade Commission staff are seeking public comments in connection with issues raised at the workshop to further the Commission’s understanding of the issues surrounding the current and future uses of facial detection and recognition technologies.

If you wish to comment, you may do so for the remainder of 2012 here:
Face Facts: A Forum on Facial Recognition Technology; Project No. P115406

This last linked page has a link to the FTC's privacy policy.

So far, so good.

Tuesday, January 3, 2012

Korea: Multi-Modal Biometric Immigration Checks

Korea to Install Fingerprint and Facial Recognition System (IT Times - Korea via @m2sys)
The Ministry of Justice announced on December 26 that non-Koreans aged over 17 who enter Korea will have to be fingerprinted and have their picture taken starting on January 1, 2012.

The regulation went into effect in September last year but it only applied to those who are suspected of forging identification or suspected terrorists. The target of the regulation was expanded in July this year to long-term foreign residents in Korea and will be expanded again to all foreigners who enter the country. Non-Koreans under 17 years old and those with special requests from diplomats or governors will be exempted.

Biometrics in Banking

Very Nice Post & Poll at the Allevate Blog
Is a biometric system fallible? Yes. The question is, is it less fallible then existing precautions already in place, and does the deployment of such a system, in simple financial terms, demonstrate a clear ROI. Again, the answer is: Yes.
Poll question: Would you be happy to replace "Chip and PIN" with "Chip and Biometric"?

Vote at the link.

Monday, January 2, 2012

Why You Are Very Special

The biology of uniqueness (Real Clear Science)

This neat little blog post at Real Clear Science covers some biological facts of human uniqueness and points out that social animals maintain physiological uniqueness even among very large populations.
And don't worry: though the world is growing more crowded, you will remain exceptional. UCLA researchers have found that in social species like ours, the larger the group, the more distinct its members. By focusing on alarm call vocalizations in eight species of social rodents, biologists Kimberly Pollard and Daniel Blumstein discovered that larger group sizes were strongly correlated to increased uniqueness. This made it easier to differentiate between individuals. According to Pollard:
Nature has solved the "Where's Waldo" problem by endowing highly social creatures with more unique features, which helps them find their pals in the crowd.

The History of Fingerprints (and the Death of the Bertillon System)

Following up on the previous post on the Bertillon system, the Bertillon system was supplanted by fingerprints.

This page at onin.com has an excellent run-down of the history of the recognition (and use) of fingerprints as unique to each individual.

Remarkably, the assumption that fingerprints are, in fact, unique dates back to the dawn of history.

The linked page also has an account of the wild circumstances surrounding a famous mis-identification in 1903 that is credited with precipitating the demise of the Bertillon system as the primary identification system used for purposes of law enforcement.
The Bertillon System was generally accepted for thirty years. But it never recovered from the events of 1903, when a man named Will West was sentenced to the U.S. Penitentiary at Leavenworth, Kansas. It was discovered that there was already a prisoner at the penitentiary at the time, whose Bertillon measurements were nearly the same, and his name was William West.

Upon investigation, there were indeed two men who looked exactly alike. Their names were Will and William West respectively. Their Bertillon measurements were close enough to identify them as the same person. However, a fingerprint comparison quickly and correctly identified them as two different people. (Per prison records discovered later, the West men were apparently identical twin brothers and each had a record of correspondence with the same immediate family relatives.)
Criminal twin brothers with the same name killed the Bertillon system.

Thanks to our Chief Technology Officer, Steven, we have found photos of the infamous West brothers on the web site of The National Law Enforcement Officers Memorial.

Here's a close-up of the picture above that fills in some detail:

The Bertillon System: An Early ID Management System

In a post the other day, I made a brief mention of the Bertillion system, also known as anthropometry, Bertillonage and the Bertillon system. "Bertillon system" seems to be the most common usage. Developed for use in criminal identification, the Bertillon System was an extremely important early attempt at using objective, measurable details of the human body for use in establishing an individual identity with a high degree of certainty.

Before 1882 establishing an individual's unique identity usually involved the testimony of trusted individuals. In a criminal trial, witnesses to a crime would swear that they did or didn't see the suspect commit a crime. Establishing a criminal history might rely upon a police officer under oath to establish the suspect's criminal record* [1].

With the invention of anthropometry, a system of body measurements of adult individuals for personal identification, Alphonse Bertillon, then working with the police in Paris, changed all that.

Divided into three integrated parts, Bertillon's anthropometrical system consisted of:

♦ Bodily measurements conducted with the utmost precision and under carefully prescribed conditions of a series of the most characteristic dimensions of bony parts of the human anatomy;

♦ The morphological description of the appearance and shape of the body and its measured parts as they related to movements "and even the most characteristic mental and moral qualities"; and

♦ A description of peculiar marks observed on the "surface of the body, resulting from disease, accident, deformity or artificial disfigurement, such as moles, warts, scars, tattooings, etc."[2]

Bertillon's system, which made the jump across the Atlantic in 1887, was greatly enhanced by advances in photography.

Here's a great example of a Bertillon record from Jersey City, New Jersey 1898 [3]

For a much larger view, Click here.
The Bertillon system was eventually abandoned world-wide because it failed to provide reliable and unique measurements, was too cumbersome to administer in a uniform manner and (unlike fingerprints) it didn't rely on a single measurement of any part of the body for identifying a specific individual.[2]

* Definitively establishing a criminal history that would merit harsher punishment than that meted out to first time offenders might (in certain times and places) also rely upon the highly effective, though irreversible, methods of dismemberment (cutting off the hands of thieves, etc.), branding, scarring and tattooing [1].

An observation: the measurements on the left half of the front of the record (the Bertillon measurements) appear to be in centimeters (metric system) while the height and weight on the right side are in standard units.

Something of a continuation of this post: The Death of the Bertillon system and the History of Fingerprints

[1] Origins of the New York State Bureau of Identification by Michael Harling
[2] Alphonse Bertillon and Ear Prints by forensic-evidence.com
[3] Jersey City Police Department Bureau of Criminal Identification (B.C.I.), New Jersey, USA

See Also:
Alphonse Bertillon - Wikipedia.com

Alternatives to passwords: Replacing the ubiquitous authenticator

Start with a laugh... (SearchSecurity.co.UK)
The joke voted the funniest at the Edinburgh Fringe this year was about an unlikely subject: “I needed a password eight characters long so I picked Snow White and the Seven Dwarves.”
Several approaches to shoring up the password authentication regime are discussed at the link.


New York, Apartment Living, Security & Technology

Safer Buildings with Technology (The Cooperator via @HodgeBarry)
Recent nationwide crime statistics show that New York City and its outlying suburbs has become one of the safest cities of its size in the past 15 years. Nevertheless, in a sprawling metropolitan area encompassing New York and New Jersey, security is always a concern.

“People are either interested in security or they’re not. There are plenty of options out there for a condo or co-op to better protect their building,” says Harry Squasoni, senior vice president of American Security Systems, based in Long Island City. “Most buildings still have keys, which is the worst security alive. Keys go to girlfriends, boyfriends, contractors…you have no idea who has keys to your building.”