Thursday, May 31, 2012

Who Said That? Voice Biometrics for Caller Authentication

That Wasn't Me (IVR Deconstructed) 
Voice biometrics are numerical models of characteristics (like the sound, pattern, and rhythm) within an individual’s voice, and are represented in a voiceprint of spoken qualities.

The technology often acts as a quick, convenient, and secure method of remotely determining an individual’s identity. So why haven’t more organizations integrated these functionalities into their IVR systems?
Click the link for the answer in a really good and concise post about voice biometrics. I'd also encourage you to check out other content at IVR Deconstructed, especially posts by Lisa, for even more thoughtful material on voice biometrics, privacy and logical access control.

In case you're wondering, IVR stands for Interactive Voice Response. I have a name for the IVR technology used by call centers: The Robot Lady. You may also know it as the beast that can only be slain by frantically and repeatedly pressing zero.

See also: Voice Biometrics and ID Management in Call Centers

69 Liberian Ghosts Busted

69 Detected on Payroll (The New Dawn)
The Civil Service Agency or CSA through its biometric system has uncovered 69 double-dipping employees on the government’s payroll. The policy objective of the Biometric system is to capture the true identities of government employees through a Human Resource management Information System using finger prints identification card that is difficult to duplicate or forge.

Wednesday, May 30, 2012

Test of English as a Foreign Language (TOEFL) Adopting Voice Biometrics

Press Release: TOEFL® Program Unveils State-of-the-Art Biometric Voice Identification Software to Increase Test Security Globally (News Blaze)
ETS, the creator of the TOEFL® test, announced the introduction of biometric voice identification to maintain fair and reliable TOEFL testing. The newly announced security measure provides an additional proven technique to add to the TOEFL program's comprehensive security system in authenticating TOEFL test takers globally.

Similar to the highly advanced speaker identification platforms used by government and law enforcement agencies, the software uses statistical pattern matching techniques, advanced voice classification methods, and inputs from multiple systems to compare speech samples from TOEFL test takers. Launched earlier this month, the speaker identification system offers the ability to create voice prints for detailed analysis to validate TOEFL test takers. The new technology will be used as part of test security investigations in 2012 and beginning in 2013 will gradually be used on a larger scale.

"The inclusion of biometric voice identification technology is yet another tool in the TOEFL test security portfolio to ensure test integrity worldwide," explains David Hunt, Vice President and Chief Operating Officer of ETS's Global Division. "Including a state-of-the art speaker identification component to the TOEFL's security system further strengthens our ability to detect attempts to gain an unfair advantage, a common concern in academia today. ETS is committed to identifying and implementing those protocols deemed most effective by leaders in the security industry in safeguarding against fraudulent behavior."
ETS also administers the SAT test.

See also: New York: Seven Arrested For Alleged SAT Cheating Ring UPDATE: SAT, Biometrics & ROI

Any guess why ETS is considering hand-based biometrics for the SAT but voice-based biometrics for the TOEFL?

Fiji Gearing Up for Biometric Voter Registration

Elections office to start registration training soon (Fiji Times)
People will be encouraged to report to the VRC close to them for registration. Registration of one person will not take more than three minutes. This will include the filling out of appropriate forms, picture taken through web camera, identification of thumb print and the printing out of identification card. This identification card will be presented to the polling station during election in 2014.

Source: CIA World Factbook - Fiji

A First-Person Account of Life Without ID

"I have faced many difficulties because of a lack of proof of my identity. I remember one incident which jolted me, leading me to realise that I led a worthless existence."

A unique, legally recognized individual identity is a prerequisite to any sort of decent society. It is an infrastructure without which many things those in the developed world take for granted simply cannot exist: compulsory primary education, successful immunization against preventable communicable disease, social safety nets, effective democracy, and more.

A Rare Biometric Deployment in a Hotel

I'm no hotelier but the management of a hotel seems to entail a multitude of tasks where biometrics could make things a lot easier, yet news of hotels adopting biometric solutions has been so scant that we've only used our 'hotel' label once.

Ibiza Hotel Trials Fingerprint Payment (Wall Street Journal)
It could be the solution to the age-old vacation question: Where do you put your wallet when you are dressed for the pool? Ibiza hotel Ushuaïa Beach claims to be the first in the world to introduce a fingerprint payment system.

Guests register their fingerprints to one or more credit cards. They can then pay for food, drinks and services simply by touching two fingers to a biometric reader.
This deployment reminds me of the Zoom Tan system.

Tuesday, May 29, 2012

Facial Recognition in Art: 15 Minutes of Biometric Fame

I like this one because it's ever-so slightly seditious. If Google's objective is to organize all the world's information, 15 Minutes of Biometric Fame, in a very small way tries to make that job a little harder.

15 Minutes of Biometric Fame by Marnix de Nijs (
A circular track is fitted with a camera crane mounted with an independently operated camera. The camera lens imposes on public space, seeking out and scanning the visitor’s facial features. Rather than identifying a person, the biometric video analysis software assists in comparing their characteristics with a preselected data base of “celebrity” faces.

Compiled by De Nijs from a series of multilingual online search results, the initial 75,000 strong data bank consisted of typical celebrity personages as well as those who have attained fame through exposure on reality television and from the world of internet video. Each individual is tagged with one of twelve categories of stardom in one of eleven languages. These can range from artist to rock or porn star through to soap actor and musician.

See also:
More posts on biometrics in art.

ID Entrepreneurs: Criminal Background Checks

Demand is high, the business is inherently local, and the US Postal Service doesn't seem interested.

Checking backgrounds for a living (Journal-News - Hamilton, Ohio)
“There is a need now, and an even bigger need in the future, for employee background screenings,” Louderback said. “Anyone who works for the government or with kids has to have one.

“It’s a pretty untapped market,” she said. “Not a lot of people do it. There are opportunities out there. You just have to go out and get them. That’s the hardest part.”

Monday, May 28, 2012

ID is About People

Bridging India’s identity divide with a number (BBC)
In one of the world's fastest growing economies, some 40% of people living in villages don't have bank accounts, the number rising to three-fifths of people living in the east and north-east of India. (It is another matter that more than 40% of India's earners have no savings.) One of the main reasons why they don't have a bank account is that they have no definitive proof of who they are.

Also, identity - when available - is fickle and dubious.
You can't be a fully-functioning member of the modern globalized world without a legitimate ID.

"Friends" a threat to your privacy? This facial recognition app might help.

App removes faces from Facebook (SC Magazine)
CeeQ uses sophisticated facial recognition technology developed by National ICT Australia (NICTA) under the $5 million-plus Advanced Surveillance biometric project completed last year.

"It's designed to help users find photos they are in so they can contact the owners or Facebook to get them taken down," Abbas Bigdeli, creator of the application and a lead developer at Advanced Surveillance, told SC at the Biometrics Institute conference.
Biometrics offer exciting possibilities for privacy-protection.

Related thoughts...
Security has a lot to do with trust and privacy is a lot like security. Because they're trusted, it's far easier for friends to undermine privacy than it is for strangers. They're more likely to know your secrets and they're more likely to be connected to those who might care about them. Surprise birthday parties aren't always surprises.

h/t @HodgeBarry

Friday, May 25, 2012

Evolving Understanding of the Evolving Iris

Ageing eyes hinder biometric scans (Nature)
“One iris biometric marketing claim has been that the iris allowed ‘a single enrolment for a lifetime’. This claim is now proven to be false,” he says.

The likelihood of software incorrectly matching two irises from different people is around 1 in 2 million (known as the false match rate). So in practical terms, Bowyer’s results suggest that the false match rate for a system would increase to 2.5 in 2 million after three years had elapsed. This rate sounds low, but the effect appears to be cumulative, says Bowyer: “So although you might not really notice the problem after one year or two years, after five or ten years it can become a huge problem,” he explains.

But some are not convinced that the iris ageing effect will make a noticeable difference to the false match rate — even in huge national iris-identification schemes such as India's, which so far has more than 200 million people enrolled. Biometrics expert Vijayakumar Bhagavatula of Carnegie Mellon University in Pittsburgh, Pennsylvania, says: “In my opinion, the impact of this research is to suggest that iris templates should be periodically updated.”
The iris isn't the only thing that is changing over time, though. The matching algorithm changes, too. It seems to me that it's important to know whether iris matching algorithms are becoming "smarter" faster than a person's iris can change.

Customers should probably keep current on their support contract, just in case.

Biometric Systems: Hacking from the Outside In

Behind all the techno-jargon, Biometric bugs too dangerous for public? (ZDNet) is about biometric lock picking.

In the software world, if your system has a weakness, you can just fix the software, push out an update, and voila, all is well. If, however, your sensor hardware is buggy (i.e. the lock is easy to pick), you face the much more painful prospect of fixing/replacing each sensor.

Read the whole thing. The topic is very interesting from a technical point of view and does a good job of not overly hyping the issue.

Thursday, May 24, 2012

470 Million eID Documents in 2017

Report: “eID in South-East Asia” anticipates over 470 million ID documents in 2017 (Smart Insights)
According to Smart Insights Report "eID in South East Asia", this market is to deliver a steady growth over the period, reaching over 71 million ePassports and more than 350 million eID cards installed in 2017. In addition, around 70 million driver's licenses will be in issue.

Australia: Fingerprints Help ID and Administer Problem Drinkers

Unisys fingers repeat drunks in Northern Territory (IT Wire)
Drunk individuals taken into protective custody in the Northern Territory are being identified using a fingerprint biometric system implemented by Unisys.

One of the problems of dealing with people severely under the influence of alcohol is that they may be unwilling or unable to identify themselves, and not all members of the community carry identification.
In the NT, those who get into trouble with the law while intoxicated three times in three months are placed on the Banned Drinker Register (BDR), and cut off for a year.

More information on the Northern Territory banned drinker register [pdf]

Product Review: Military Grade Fingerprint USB Flash Drive

Imation Defender F200 Biometric Flash Drive Review: Secure but Slow (IDG - Norway)
The Defender F200 is not only stylish, it's highly capable. The drive has been validated to Level 3 of the FIPS 140-2 government security guideline--a lengthy and expensive process. The device uses hardware AES 256-bit encryption and may be configured to use the biometric scanner, a password, or both for a double layer of security. You may also specify two separate fingers to be used for validation. Excuse the morbidity, but it's recommended that you use a finger from each hand in case you lose the use of an arm. The F200 Biometric, you see, is designed for with the military in mind.

Scotland Yard Equipping Officers With Handheld Fingerprint Devices

Mobile fingerprint scanners to be adopted by Met Police (BBC)
The Metropolitan Police is the 25th force in the UK to have adopted the devices.

"Evidence has shown that a full identification arrest can tie-up both the subject and the police officer for several hours," said the Metropolitan Police Service's assistant commissioner Mark Rowley.

"Even a traditional identity check conducted on the street can take an extended period of time to complete.
A big question, of course, is the database these mobile devices communicate with.

Wednesday, May 23, 2012

The BBC looks a UID in terms of lack of ID among the poor.
"I am not saying privacy is not important for many people, but for 300 million people, getting access to daily bread is more important so those people don't care too much about it," says Prof Sadagopan.

Take that, Cilantro!

Software, norms delay UID Phase 2 (Hindustan Times via @francesIDexpert)
There are two major reasons for this slow take-off of the second phase of enrolment.

First is introduction of a new software to register enrolments with new fields for agencies to improve “quality of demographic data”. “All documents, including residence proof, have been made mandatory,” a UIDAI official said. Just not that, now the three biometrics — iris, fingerprints and face — will have to be taken in higher resolution for quicker and easier generation of Aadhaar numbers. The UIDAI has decided to carry out 100% manual check of all biometric exceptions — a person whose biometrics cannot be captured — to prevent a repeat in the second phase. Second is unwillingness of many agencies to adhere to new norms at the old price of maximum R50 for each successful enrolment. This is because the UIDAI for the second phase has decided to impose a penalty of R150 for every error in enrolment and R500 for violation of its guidelines.
That should cut back on the error rate and the amount of credentialed plant life.

Also, ratcheting up quality requirements while keeping compensation per enrollment stable will squeeze less efficient enrollment operations.

Fun facts: Cilantro vs. Coriander... What is Cilantro - What is Coriander

Good Help is Hard to Find

A lot of really good thinking about ID and biometrics comes out of South Africa. In the piece linked below, Marius Coetzee makes some points with which we wholeheartedly agree.

Smart IDs alone cannot tackle fraud
Marius Coetzee, MD of biometric identity control specialist Ideco, says smart identity cards will improve identification processes through the use of biometrics, but they cannot solve the identity fraud problem on their own.
“We've been in this game for the past 10 years. We have seen companies publish tenders for solutions and spend a lot of money on a pilot, only to see poor results. Biometrics is an extremely complex science – if you implement it correctly, working with the right partners, you will see results. If you don't, you will simply waste money.”
ID management technology is a tool managers can use to make certain business processes more efficient, saving the organization money. No technology can manage a business all by itself.

And, of course, as with so many other things, a good partner can make all the difference. The problem is that the larger biometrics vendors don't really want to be that partner for any normally-sized or price sensitive organization and other organizations that could really take advantage of better ID management systems have difficulty finding the partners they need because the expertise is in small companies. Biometrics hasn't been Oracle'd, SAP'ed, Microsoftened or IBM'd, yet, and it's going to be a while before that changes.

Until then, SecurLinx is here to help.

Tuesday, May 22, 2012

300 beggars pin hopes on unique identification number (Times of India)
"Officials said every person had a right to identity and facilities accruing from that and beggars as legitimate citizens deserved it. Based on the card, they're entitled to necessities which will be distributed on the basis of Below Poverty Line definition."
Without a legitimate identity, it's hard to guarantee rights.

UID to Link With Criminal Records System

Home Ministry plans to link its crime records with UIDAI (Economic Times)
The Union home ministry plans to link its crime records with the Aadhar unique identity project, signaling a reversal in its hostile stance towards the Nandan Nilekani-led Unique Identity Authority of India.

The home ministry's 2,000-crore Crime and Criminal Tracking System project, which aims to create a central database of all crime records in the country, will have a provision for linking up with UID or Aadhar numbers, an official associated with managing the project said.

"The big plan is to link crime records with UID," the official told ET. "This will make the database easier to handle and more accurate."
UID has an incredible potential to help bridge Indian bureaucratic silos.

Biometrics Help Ferret Out Passport Fraud in Australia

Increase in passport fraud detections (
A DECISION to upgrade Australian passports with microchip and biometric technology has resulted in an increase in fraud detections, a new report says.

Some people want a passport with a kangaroo and an emu on it so badly that they'll break the law. Biometrics make it harder to get away with it.

Voice Biometrics and ID Management in Call Centers

Voice Biometrics as a Fraud Fighter (Bank Info Security)
The biometric technology analyzes voice characteristics, such as dialect, speaking style and pitch. By collecting and archiving voice characteristics of customers, banks, in theory, could authenticate customers' identities when they call in.

Call center fraud has been escalating. U.S. banks have reported upticks in call-center schemes that rely on social-engineering tricks. The attack: Convince customer service representatives to share or change account details.
The installed base of telephone technology pretty much guarantees that there will be huge incentives for voice recognition technology companies to develop better and better products and for financial companies to adopt them.

This article does a great job with the incentives and challenges of ID management by telephone.

See also:
The Con is Mightier than the Hack
Up to 20% of voice biometric samples could be fooled by ‘wolves’ (UK Register)
Phone 'Line Noise' As ID Management Technique
Voice Recognition ≠ Speech Recognition

Monday, May 21, 2012

Spycraft & Military Intel in a Biometric World

Mission Nearly Impossible (StrategyPage)
The use of biometrics does its job very well keeping out spies, terrorists and saboteurs. The downside is that it also limits the activities of your own spies. This has led to efforts by espionage agencies to get around this "problem." The espionage organizations will not comment on what, if any, solutions they have come up with. That is to be expected.

Meanwhile, the U.S. has developed tools that enable combat troops to use biometrics on the battlefield.
Read the whole thing.

See also: U.S. Military Departs Iraq, Takes Huge Biometric Database with It

Governor Proposes to Prevent New York City From Using Biometrics To Stem Welfare Fraud

Cuomo Pushing City to End Food-Stamp Fingerprinting (New York Times - h/t @m2sys)

This despite the facts that, according to the commissioner of the city’s Human Resources Administration, the system has saved over $35 million over the last ten years and New York City reaches a higher percentage of the food-stamp-eligible population than does the state as a whole.

Identity management is about people so it's not surprising that politics enters into government-run identity management systems.

That's as it should be, but this poll from February found that
53% believe Americans applying for food stamps should be required to be fingerprinted in order to be eligible. More than a third (36%) disagrees, while 11% are undecided.
So in terms of identity management in welfare programs, biometrics work (ROI), they're popular (unless New Yorkers have extremely different opinions of the subject that the US as a whole, 53% for, 36% against), and the governor wants to force the City to scrap them. Well, that's politics for you.

Like I said, Identity management is about people. Politics, too.

See also:
New York City: Fingerprints for Auditing Food Stamps
USA: 53% Favor Fingerprinting Requirement For Food Stamp Applicants

Friday, May 18, 2012

Mascot For The 2012 Olympics Has A Huge Camera Eye

Kashmir Hill's treatment of Wenlock at Forbes is funny. Alas, She has a lot to work with.
London decided to make its surveillance yen a dominant feature of its otherwise goofy mascots. “Wenlock” and “Mandeville” both have a huge single eye made out of a camera lens so that they can “record everything.”
There's even a Wenlock Policeman Figurine. Pictures & video at the link.

If Twitter is more your speed, you can follow Ms. Hill here.

Where Eight Out of Every Seven People are on Welfare...

In TN, ration card holders exceed population (Deccan Herald)
The number of persons with ration cards in Tamil Nadu, as enumerated under the Public Distribution System (PDS), far exceeds the state’s population.
However, the secretary to the state government has informed that the bogus ration cards will be eliminated over the next two to three years after biometric smart cards are issued. Pointing out discrepancies in the verification process, the CAG report said in Chennai district alone (barring one zone), 5.97 lakh “suspected bogus family cards” were identified during a door-to-door verification between October 2009 and August 2010 and stop supply was issued subsequently.

Tamil Nadu
Source Wikipedia
As far as Indian states go, Tamil Nadu seems to do pretty well in many socio-economic categories. Bringing more rigor to welfare programs can only help. Biometrics can be a cheap and effective means to that end.

Biometrics: More Effective than Whipping?

In its efforts toward more effective border control, Malaysia may depend more on biometrics and less on corporal punishment.

Govt mulls abolishing whipping for illegal foreign workers (Borneo Post)
Mohamed Nazri, who is the minister in charge of parliament and law, said since whipping was introduced for illegal foreign workers, the problem of illegals had not lessened but became worse.

“Therefore, a new penalty such as imposing a big fine could perhaps replace whipping.” He said new technology such as the biometric system could be an effective measure to control the entry of illegal foreign workers into the country. Asked whether Malaysia planned to abolish whipping for other offences, the minister said it was more suitable for serious offences like rape.
In other Malaysia news...

Malaysia to scrap disembarkation card for foreigners (Asia One)

More on South Africa & Biometrics

Identity control is IT reality (IT Web - S. Africa)
“SA is a world leader in the use of biometrics. The future must be co-operation and not isolation. There must be an integration of security expertise. Identity control is an IT reality.”

He added that the use of fingerprints allows physical access, cuts losses, reduces risk, has proven ROI, increases security and accelerates processes.

To address the enormous risks associated with cards, PINs and passwords, organisations must authenticate, authorise and audit.
Other posts dealing with South Africa...

Thursday, May 17, 2012

South Africa: Biometrics Elections by 2014

ID smartcards by next elections (Engineering News)
She said the aim of a pilot project, currently underway, was to test how accurate the new system was, and whether it was ready for the phase-in stages.

A national identity system would capture biometric and biographic details of all South Africans and foreign nationals.

In the next 18 months of the pilot project, the department would start issuing the smart cards to all first-time applicants, Dlamini-Zuma said. Later, the department would recall the green identity books to replace them with smart cards.

Israel joins US's Global Entry program

Tens of thousands of Israelis to enjoy expedited clearance in US airports for $100 fee (ynet)
Global Entry is a relatively new program initiated by the US administration which aims to ease the entry of foreign and American citizens to the US. Six countries have thus far joined the program - Britain, Holland, Qatar, Austria, New Zealand and Japan – while 250,000 American citizens have registered.

The program aims to help frequent travelers to the US, usually businessmen, diplomats and relatives of US citizens.
Mexico (SENTRI) and Canada (NEXUS) also have bilateral agreements with the US.

Wednesday, May 16, 2012

India: UID statistics, labor requirements and budgets

Also, a note about ID's for the transgender Indians... Govt sets Aadhaar rolling; 19,000 transgenders get their cards

See also: India: Gender Minorities Need, Fear UID

Market Forecast: Biometrics In Financial Services

Analysts forecast the Global Biometrics Technology market for Financial Services to grow at a CAGR of 40 percent over the period 2011–2014.

Tuesday, May 15, 2012

Get me rewrite.

Very Odd "Facial Recognition" Article at

Two things jumped out at me while reading San Francisco bars: Buy a drink, become profiled by cameras by Charlie Osborne at the scare quotes around forms of the word 'anonymous' and a novel formulation of privacy.

The scare quotes are here...
Venturebeat reports that Chicago-based startup Scenetap has combined “anonymous” facial recognition technology in venues with mobile technology so socialites can choose where next to go on a Friday based on their preferences — all provided through cameras in different venues.
...and here...
Scenetap promises the technology collects data “anonymously” and nothing is recorded or stored, and it is based on sophisticated profiling technology to approximate sex and age.
But why the scare quotes? By any definition, what Scenetap does is anonymous. It is specifically designed and marketed to clubs and their patrons as a means for gathering demographic information and that information cannot be traced back to a specific individual because it uses no individual identifier such as a person's name (or cookie, but we'll get to that later). To go further and collect personally identifying information would require a real facial recognition system which would be very expensive, require a large investment in training and labor and probably wouldn't provide a sufficient return on investment (ROI) in a club/bar setting to make the effort worthwhile.

Then there's the conception of privacy in this passage.
This type of technology is already prevalent online, where customer preferences and habits are tracked — in order to recommend products or pages you may be interested in. As we cannot see the data being collated, it seems less of a privacy issue than knowing that cameras above are observing you — even though the information collected about your online activity is far more vast.
There's absolutely no equivalence between Scenetap and The image below shows that places two cookies on a visitor's computer and runs seven programs in the background of which most users would be completely unaware: three for tracking the user; three for connecting to social media; and one to monitor the site's performance. One of the trackers, Crowd Science, even claims to be able to tell about users' interests, preferences, lifestyles, attitudes, opinions and incomes.

Real world demographic analysis tools like Scenetap do no such thing. It's a dead certainty that is collecting far more (and far more individualized) data, a fact that is acknowledged at the end of the quote.

Then there's the part where transparency and privacy are inversely related because "As we cannot see the data being collated, it seems less of a privacy issue than knowing that cameras above are observing you."

"Out of sight; out of mind" and "what you don't know can't hurt you" aren't theories of privacy one sees many people advancing these days. By this logic, bricks-and-mortar demographics analysis can attain's level of respect for individual privacy by collecting vastly more information and using facial recognition technology to track individuals as long as they hide the cameras.

I don't want this post to come across as grousing about what web sites do. The folks at are working hard to put food on their family just like the rest of us and people should understand that if they aren't paying, they aren't the customer; they're the product being sold. That's just the way it is. This is completely uncontroversial to those who operate in the online economy; but let a bricks-and-mortar organization deploy a tool that collects far less information and there's a tendency for those in the online world to come down with a collective case of the vapors. Physician, heal thyself.

See also:
Retail Marketing Technology Online and In Person

Without Biometric Voter Verification, Ghana May Spend Much to Accomplish Little

Biometric verification in December polls will be suicidal - Ephson (Modern Ghana)
Ben Ephson served the warning on Accra-based Radio Gold's Power Drive morning show on Wednesday and according to him, voter verification would not be a panacea to vote rigging or electoral fraud in the December 7 polls.

He added that what will be useful is vigilance from all stakeholders to make the electoral process free and fair. Ben Ephson further added that the best the biometric voters register could do would be to prevent multiple voting. It would however not be able to stop people from altering figures generated from the polls.
"Panacea" has nothing to do with it. Without verification, the biometric enrollment exercise undertaken in Ghana can only tell you how many bad credentials (that can still become a vote) have been issued by legitimate authorities.

Without biometric verification, the whole enrollment exercise turns on the ID document. A document-dependent electoral system can be successful if three conditions are met: The process whereby legitimate documents are issued is very rigorous; The document is extremely difficult to counterfeit; And there is no significant corruption of the ballot-stuffing or ballot destroying variety.

Rigor in the document creation would include such measures as a real-time biometric query against the database of registered voters before issuing a new registration card in order to prevent duplicate registrations. Making a document difficult to forge involves high tech printing techniques or embedded biometrics for later verification. The corruption part is a function of culture and institutional controls.

Are these three conditions satisfied in Ghana? No; No & I don't know.
♦ No, there is no real-time check to prevent issuing multiple cards to the same individual
♦ No, the printer used to create the card is a very ordinary desk-top printer
♦ I don't know much about Ghana's cultural and institutional ability to resist corruption but judging by published editorials, at least some people are very worried about potential shenanigans.

Avoiding over-reliance on the physical ID document is perhaps the greatest benefit of using biometrics in elections. If there is no biometric voter verification, the only voting requirement is to have a more-or-less convincing registration card with a more-or-less convincing photo on it.

Biometric verification by making the finger rather than the paper the overriding criterion for receiving a blank ballot, confers two tremendous advantages. Multiple voting can be made extremely difficult even for people who have multiple government issued registration cards. Second, ballot stuffing can be curbed because an audit of the total number of votes recorded can be compared to the number of fingerprints verified on election day as legitimate voters.

By creating the a perception that the electoral apparatus is more effective than it really is, implementing a biometric voter enrollment system without biometric voter verification may even lead to more electoral uncertainty than the system being replaced.

A well-thought-out biometric voting system can reduce fraudulent voting to very low levels but it's also possible to spend a lot of money on a leaky system that involves biometrics without accomplishing much in the way improving the integrity of the vote. There is reason to fear that the Ghanain system more closely resembles the latter than the former.

Ghana has since made statements indicating a desire to biometrically verify voters' identities on election day.

Ghana opts for biometric voter verification

Verification hardware to be tested

Monday, May 14, 2012

Nigeria to take biometrics at all border crossings (Vanguard)
On the rising tide of insecurity, Moro disclosed that biometric machines had been ordered to enhance the collation of biometric data of anyone coming into the country and going out.
It's hard to argue with commenter 9ja4Justice.

India: Voter ID may double up as Aadhaar card (Deccan Herald)
“We will have the unique identification numbers provided by the UID printed on the election IDs,” Quraishi said. The single ID would enable the holder to prove his elector credentials and also access the benefits of government services under Aadhaar.

UAE: New technology puts end to passport fraud (Zawya)
Dubai Visitors trying to slip into the country using fake identity documents are increasingly being caught at Dubai International Airport thanks to new passport-reading and biometrics technology designed to root out fraud.

Using the Body as a Unique Link Between Gadgets

Using the human body as a unique link between gadgets will not lead to novel biometric modalities.

Recently, a couple of different groups have created prototypes that use the human body as a link between two gadgets, one mobile and the other, stationary. The first used an acoustic signal transmitted from a smartphone through the user's body to a doorknob to unlock the door. The second used electrical signals to transmit an MP3 file through the users body to a speaker system. That's pretty cool.

In their most basic use cases (using the body as a wire), these innovations accomplish little that couldn't be accomplished with a USB cable. But if these technologies come to incorporate a biometrics and ID management element, they could kick start a revolution in mobile computing and ID management.

It's not hard to see how future iterations of similar systems might use biometric modalities already in use — such as integrating a fingerprint reader with the conduction sensor for authenticating a data link — but both sets of innovators have something more profound in mind: using the electrical/acoustic properties of the body itself as an identifier.
The company is looking at different applications. Bhikshesvaran said the company was exploring the notion that it could end up being a new biometric footprint, since bodies all possess a unique energy signature. The company hasn't quite figured that one out yet.
Amento and his colleagues think they can add another layer of security to the smartphone key, too — one that's based on the unique properties of people's skeletons. Because of differences in bone lengths and density, people's skeletons should carry vibrations differently, they think.
My guess is that the fingerprint verification at one end of the link will be relatively straightforward, provide strong authentication and will work well enough to render the development of the new conduction/acoustic modalities impractical even over the very long term.

This is because in order to displace the well-understood modality of fingerprints and in order to make developing them worthwhile, the novel approaches will have to prove themselves to offer advantages far in excess of fingerprints (in order to justify the R&D outlay) and I don't see this happening.

Q: Are the electronic and acoustic properties of individuals stable?
A: Compared to fingerprints, I doubt it. Changing the chemistry or mass of a body will lead to minute changes in its electric or acoustic properties. Drinking a sports drink will change electrolyte levels and cause a tiny change in electric properties. Visiting a buffet, wearing a heavy backpack or changing shoes will change the acoustic properties of a person at least a little.

Q: Are the electronic and acoustic properties of individuals unique?
A: Compared to fingerprints, I doubt it. Fingerprints can be as funky as they want to be without killing anyone; not so with the chemistry behind conductivity or the skeletal structure of a person.

Q: How easy is it to measure the properties involved?
A: Conductive and acoustic properties may be unique enough for a team of doctors with infinite resources and lots of time to make a positive ID but not unique enough to enable a very fast, cheap and confident identification.

But the biggest reason these novel approaches are extremely unlikely to be adopted in the competitive marketplace is the very nature of the technology (skin on hardware) lends itself perfectly to the cheap, well-understood and reliable fingerprint tech. No other modality actual or theoretical stands to recommend itself more highly than finger/hand based biometrics and no profit seeking organization will likely devote the resources necessary to establish the reliability conduction/acoustic biometrics that will at best only ever be equal to fingerprints.

The more novel approaches will probably only ever be used as a method of weak authentication such as liveness testing so as to thwart the old rubber finger trick.

Friday, May 11, 2012

UK Border Agency Holding Mobile Biometric Clinic in Antigua & Barbuda

Lately, most any mention of the UK Border Agency (UKBA) in the media will have focused on the crisis in UK border management. To day a small item on the UKBA gives us cause to contemplate not three hour waits to clear customs, but the Caribbean paradise of Antigua & Barbuda.

Antigua & Barbuda. Source: CIA World Factbook

UKBA to offer one-time mobile biometric clinic in Antigua & Barbuda (
The UK Border Agency will provide visa applicants from Antigua & Barbuda with a local Mobile Biometric Clinic on 18 May 2012. The one-time mobile biometric clinic will be located in St John's, Antigua.
Recently the UK expanded the biometric system to require all applicants from outside the European Economic Area (EEA) applying to stay in the UK for more than 6 months to register their fingerprints and digital facial image. 

Customized Biometric ATM's Available to Public Sector Banks for Use in Rural India

Govt banks to install 60,000 more ATMs (Business Standard)
Customised ATMs for rural areas are also being tested. “The machines used in metros may not be relevant in rural areas,” said Jaivinder Gill, managing director, NCR Corporation. He said the company had developed machines that could interact with the user in 23 languages and use biometric authorisation as a safety feature if the user was not comfortable with PIN identification.

Nigeria: Senate Committee Recommends Cessation of Biometric Central Motor Registry

New number plates: Senate slashes cost to N8,400 (Punch)
Among a host of other fee reductions associated with the regulation of motor vehicles, the Nigerian Senate Committee on Federal Character and Intergovernmental Affairs has recommended that the Police cease implementation of the Biometric Central Motor Registry, saying that doing so would save vehicle owners N3,500 and avoid duplication and additional burdens on Nigerians.

For background, see: Police flagoff biometric registration of automobiles

Thursday, May 10, 2012

Ghana Biometric Voter Roll: Beyond the Big Push

EC To Undertake Continuous Voter's Registration Next Year (Ghana Soccernet)
The Electoral Commission (EC) would undertake continuous voter?s registration exercise at the District Electoral Offices of the Commission next year, for those who had attained 18 years and those who could not register during this year?s biometric voter?s registration exercise.
Good thinking. Eventually, organizations have to switch from a "system start-up" mode to a "system maintenance" mode.

UK Border Management: Revolution on the Horizon

This is not the most convenient time for Britain to be undergoing a complete rethink about how it manages its border — the best time is always before a crisis — but the UK may no longer have the luxury of choosing the timing of a significant revamp.

UK Border watchdog attacks airport gridlock (Financial TImes - Reg. Req.)
Bad management of diminishing numbers of staff and failure to make the most of electronic scanning gates are behind the immigration gridlock at airports, says a report by the border watchdog.

John Vine, the independent chief inspector of borders and immigration, hit at the lack of any “cohesive” management plan at Heathrow, at a time when the Home Office faces mounting pressure to end long queues at the UK’s largest airport as well as Stansted and the Eurostar before this summer’s Olympic Games.
See also:
UK Border Scandal Update: Independent Inspector's Report Published
UK: Airlines Warn Government of Potential Gridlock this Weekend
Does £9m Really Buy 60 Immigration Agents?
UK Struggling with Both Halves of International Traveler ID

Unisys Security Index Survey Finds High Levels of Support for Biometric Solutions

The dedicated home for the Unisys Security Index is a gold mine of information about how security issues are perceived by the public in Mexico, Colombia, Hong Kong, Brazil, Germany, New Zealand, US, Belgium, Spain, Australia, UK, Netherlands and globally.

In general Unisys has found that individuals have shifted their attention from national security issues to individual security issues and (except Brazil & Mexico) are more focused on information security than physical security.

The video below shows that people are extremely receptive to biometric ID management solutions for better security.

Mobile Security & the Bi-annual Unisys Security Index Survey (Help Net Security)
Unisys also surveyed U.S. respondents on their preferences for securing their mobile work devices when used outside of the workplace. Fifty-five percent of U.S. respondents said they prefer using complex passwords (combinations of uppercase and lower case letters, symbols and numbers) for mobile security.

Biometrics such as fingerprints, voice or facial images were the second most preferred method, with 37 percent of respondents showing preference for one or more of those methods for protecting mobile devices outside the workplace.

Nearly a third (32 percent) of respondents said they prefer simple passwords for securing their mobile devices outside the workplace.

"This is a worrisome finding for executives and enterprise IT managers," Vinsik added. "Passwords alone simply do not provide a sufficient level of security to protect sensitive data against today's sophisticated cyber criminals. Organizations need to leverage the use of facial and voice biometrics that most smart phones are capable of supporting today."

Wednesday, May 9, 2012

Biometrics In Schools - Some Perspective

Biometric Scanner Use At Schools Prompt Parent Concerns (10TV Ohio)
Central Ohio schools’ use of new technology has prompted safety concerns for some parents, 10TV’s Tanisha Mallett reported Tuesday.

Biometric scanners store information that can be accessed when a finger touches a scanner.

Tina, a mother of a middle school student, said that she was concerned about privacy rights.

“To me, this is a total civil rights violation for myself and for my child,” said Tina, who did not want to use her last name.
Stories like this are a lot rarer than they used to be, still...

If schools are unable to keep data secure, biometric template information is the last thing that should concern parents.

Schools also keep academic records, behavioral records, medical records, socio-economic assessments for administering school lunch programs, home address information, counseling notes and a ton of other information that is much more sensitive than a fingerprint template consisting of a string text characters that cannot be used to learn anything about a student.

Other posts on biometrics and schools.

See: This is What a Fingerprint Template Looks Like

News from India...

Around 50,000 Aadhaar Cards Sent Back Due To Fake Addresses: Report (Media Nama)

IIM USA Conference: India’s Unique ID a ‘Game Changer’ (India West)

Now, pension disbursal through smart cards (The Hindu)

US relaxes visa norms for renewals (The Hindu)

Fingerprint Technology Improves Physical & Financial Security of Ugandan Women

With growing financial independence, Ugandan women face new challenges
Nancy Acieng stands outside the door of Pride Microfinance Limited, a bank in Kampala, Uganda’s capital. A fairly educated woman, she works hard to earn money selling fresh food and fruit from a roadside stall.

She says her hard work used to go to waste because her husband routinely stole her ATM card and withdrew the contents of her account. But thanks to the bank’s new security measure that requires customers’ fingerprints to withdraw money, she now has full control over her finances.

“He still beats me sometimes,” Acieng says. “But he cannot steal my money anyhow, anymore. Using the fingerprint technology changed and improved my security – both physical and financial.”

Ghana Biometric Voter Registration Wrap-up

EC analyzes voter registration today (Modern Ghana)
The exercise, which began on March 25, 2012, officially ended on May 5, 2012, and though the EC is yet to come out with the official figures, it is believed that about 12 million Ghanaians have registered to vote in the December 2012 elections...
More on suspected multiple registrations at the link.

Massachusetts & Secure Communities

Bristol County Sheriff Thomas Hodgson welcomed the news that the program will go into effect statewide May 15 (South Coast Today)

Here's the AP's take:
Controversial immigration program goes ahead despite Gov. Patrick’s objections

The program appears to be popular with elected law enforcement officials (county sheriffs) but less so among other elected leaders (the governor and some city councils).

Click here for DHS ICE coverage PDF.

The comprehensive PFD at the ICE site has detail for each state. The only participating county in Massachusetts led to the detection of roughly the same number of re-arrested criminal aliens as in entire state of Missouri.

See post below for a national perspective on Secure Communities.

ICE Secure Communities Nationwide Coverage Map: May 2012

Immigration and Customs Enforcement Secure Communities:
The highest priority of any law enforcement agency is to protect the communities it serves. When it comes to enforcing our nation's immigration laws, U.S. Immigration and Customs Enforcement (ICE) focuses its limited resources on those who have been arrested for breaking criminal laws.

ICE prioritizes the removal of criminal aliens, those who pose a threat to public safety, and repeat immigration violators. Secure Communities is a simple and common sense way to carry out ICE's priorities. It uses an already-existing federal information-sharing partnership between ICE and the Federal Bureau of Investigation (FBI) that helps to identify criminal aliens without imposing new or additional requirements on state and local law enforcement.

The U.S. Immigration and Customs Enforcement released a full update of every county participating in the Secure Communities initiative and when they came onboard. Click here for the full PDF.

Here's what the map looked like in November 2011.

In other news, it appears that by the time the next report comes out, Massachusetts may be colored green...

Bristol County Sheriff hails federal decision to launch Secure Communities program in Mass. (South Coast Today)
Bristol County Sheriff Thomas Hodgson welcomed the news that the program, designed to determine suspects' immigration status, will go into effect statewide May 15. "It's a big victory for the law enforcement community," said Hodgson, who had fought to bring the program to the state. "It's a big victory for the citizens of Massachusetts." When a suspect is brought to a Bristol County jail, his or her biometric fingerprint information will be shared not only with the Federal Bureau of Investigation — as is currently the case — but also with immigration officials, he said.

Tuesday, May 8, 2012

Face-Rec iPhone Unlock

FaceVault App Brings Facial Recognition to iOS [VIDEO] (Mashable)

Hardware Reviews: Samsung Galaxy S III

Smooth as silk, impressive facial recognition, camera could be better: We get our hands on the Galaxy S III (The Mirror)
The phone's most significant feature is facial recognition which it's taking to a whole new level.

Rather impressively, the makers boast the S III can tell when you are looking at it and a screensaver won’t be activated when your eyes are fixed on the handset.

When I briefly got my hands on the device earlier tonight the feature seemed to work just as promised but I still would like to see further evidence of this.

Voice recognition, a common feature of many smartphones today, was also part of the package but Samsung are offering you the chance to personalise up to five vocal commands.
Samsung Galaxy S III is official, but not yet for the U.S. (Consumer Reports)
At its Unpacked event tonight in London, Samsung unveiled its Galaxy S III smart phone, a 4G LTE phone with a 1.4 quad-core processor—one of the first ever on a smart phone. It also has a giant 4.8-inch HD Super AMOLED (1280x720) display and an impressive array of sensors and software that recognize gestures and biometrics to make phone navigation more intuitive.
Samsung Galaxy S3 Release Roundup: Top Ten Reasons to Upgrade [VIDEO] (International Business Times)
Check out the list of top ten reasons why you should ditch your old smartphone and get the Galaxy S3...
As far as I can tell, the phone uses several technologies related to biometrics such as speech recognition (not the same as voice recognition) and eye detection (an important step in, but not the same as, eye recognition), but doesn't quite cross over into using those technologies for identity management or for controlling access to the device.

It does seem like a really cool phone though, and besides, biometric application developers might just find that the device has the horse power and on-board hardware necessary for adding some ID capability to the device later.

Biometrics For Safer and More Accurate Clinical Trials

clinicalRSVP Presents Dual Enrollment Prevention Observances at ACPU Meeting (Genetic Engineering & Biotechnology News)
clinicalRSVP (Clinical Research Subject Verification Program), an online participant registry that prevents clinical trial volunteers from being enrolled in more than one trial at a time, recently contributed key insight on subject registries in a featured session at the 21st Annual Association of Clinical Pharmacology Units (ACPU) Meeting held at the National Institutes of Health (NIH) in Bethesda, Md. The session focused on the impact of subject registries and their capacity to reduce business and safety risks posed by dual enrollment.
Smith added that for a registry to be truly effective, biometric identification is necessary for complete accuracy and participant privacy. clinicalRSVP is the only registry in the industry that provides biometric technology to validate participant eligibility.

“We chose a biometric system over a non-biometric system to minimize the required demographic information needed to identify subjects allowing us to maximize subject privacy and confidentiality,” Smith stated.
Notice how, in the last sentence, biometrics are used to enhance privacy, rather than to erode it.

Ramping Up Biometrics Use in India's Targeted Public Distribution System

Smart Card project in Chandigarh takes off (Voice & Data)
Smart carda will replace existing ration cards. It will have biometric features (fingerprints) of adult members of beneficiary families. This is based on the verification of genuineness of the beneficiary family.
For a better sense of how to streamline welfare programs with biometrics, see How UID Delivers the Goods.

Monday, May 7, 2012

Security & Trust

I love it when InfoSec Island gets all philosophical about security.

Today's example is the excellent Understanding Trust  by Kevin W. Wall.
At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”. We may deal with managing risk some other time, but today I want to focus on ensuring trust.

In order to ensure trust, we first must understand not only what it is, but what its properties are...
Read the whole thing.

For an earlier example, see: Human Security is Weaker than IT Security*

While Infosec Island (obviously) concerns itself with Information Security ("logical access control" for ID management types) much of their analysis can be applied to the world of physical security as well.

*Human Security is Weaker than IT Security inspired this post: The Con is Mightier than the Hack

Nigeria: A Fingerprint for Every Vehicle

Police flagoff biometric registration of automobiles (Vanguard)
...Against this backdrop, the police will today flag off the biometric registration of automobiles, during which all vehicles, motorcycles and tricycles are expected to be registered.
He said: “Police BCMR is a technological means of attaching automobile owners’ special and unique biological traits as well as personal data to their vehicles for easy identification, authentication, protection and crime control. It operates on a smart card and hand-held card reader with a specially- developed enterprise solution for the centralisation and validation of vehicle documents.

Two 'Times of India' Pieces on UID: Bad News & Context

A couple of articles in the Times of India today reflect poorly on India's UID project. Links follow and we provide a bit of context.

Over 11.5 lakh applicants waiting for unique identification cards (Times of India)
"Till February 15, almost 30 lakh applicants in Bihar registered for the UID cards. About 18.5 lakh of them have so far been delivered their cards," Anil Kumar, marketing director, postal department, told TOI. "We were supposed to deliver the cards within 95 days from the date of enrolment. But matching process takes time leading to delay in delivery of cards," he added.

The slow speed led to the government halting the process till the postal department delivered the cards to all the applicants.
Approximately 62% of Bihar enrollees have received their UID cards (lakh = 100,000).
Total 2011 Bihar population = 103,804,637.

See also: UID May Ditch India Post, one of our most-viewed posts this year.

UIDAI: Finance Ministry gives cold shoulder to Aadhaar project (Times of India)
The national project to give unique identity numbers to all Indians, and enable welfare payments electronically, is now facing a snub from the very part of the government that funds it, and has been its most staunch supporter so far: The finance ministry.

Two moves initiated by the banking division in the finance ministry over the past three months appear to duplicate and bypass the work being done by the Unique Identification Authority of India (UIDAI) in enabling payments using its Aadhaar number and biometrics.
Read the whole thing. Evidently many Indian banks, government departments, etc) are chomping at the bit so hard for better ID management solutions that they are contemplating going their own way and developing their own systems instead of waiting for the UIDAI.

Doing this would be easier for some organizations than others based upon size (smaller = easier), potential ROI, and managerial acumen.

It's possible that some leading lights of India's large organizations have been thoroughly persuaded of the wisdom of large-scale biometric deployments (the idea of UID) but have become skeptical that the largest scale deployment imaginable (the UID project, itself) is likely to succeed, or that UIDAI can pull it off. Of course, there are other possibilities, as well. We'll see.

Hackers Targeting Human Resources (HR) Departments

The Malicious Hacker's Ever-Sharper Eye (Tech News World)

Number one on Georgetown University's Information Security Office list of the  most dangerous things you can do online is opening attachments from unknown senders, which is pretty much a job requirement of many HR staff. Hackers, being the clever lot they are, are seizing on this by targeting HR staff with attachments delivering malicious software.

This development should keep HR executives and corporate officers awake at night.

As this earlier post about privacy, HR and biometrics discusses...

Employers record an employee's:
Legal name
Home address
Government issued tax ID number
Salary and other income information
Performance Reviews and Disciplinary Records

An employer that provides health benefits may also have private information related to the employee's:
Sexual identity
Certain medical conditions
Drug and Alcohol counseling

When pay checks are deposited directly to employee bank accounts, the employer also has bank account information.

Employers already have extremely sensitive information that, in the wrong hands, can be used for identity theft, harassment, discrimination and any number of other abuses...

Those who have concerns about the quantity and nature of the personal information maintained by employers might find a privacy ally in biometrics by requiring biometric verification of HR staff as a prerequisite to accessing records containing sensitive personal information.

We have repeatedly suggested (see this) that biometric verification of IT staff with Administrator access to data is a very good idea. Given their increased risk of being hacked and the type of data they manage, conditioning access to employee records upon biometric verification of HR staff is equally important.

Large organization administrators losing control of customer information is bad. Losing control of detailed employee records is awful. I pity the management team that has to manage both crises simultaneously.

If you'd like to protect your organization against this risk, please consider giving SecurLinx a call. We can help.

Friday, May 4, 2012

Consumer Reports: Facebook & Your Privacy

Who sees the data you share on the biggest social network? (Consumer Reports)

A Consumer Reports guide to privacy on Facebook with lots of facial recognition talk. I couldn't embed the video, but it's good, too.

A sample:
Some people are sharing too much. Our projections suggest that 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars) and that 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you).

Some don't use privacy controls. Almost 13 million users said they had never set, or didn’t know about, Facebook’s privacy tools. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends.

Facebook collects more data than you may imagine. For example, did you know that Facebook gets a report every time you visit a site with a Facebook “Like” button, even if you never click the button, are not a Facebook user, or are not logged in?

Your data is shared more widely than you may wish. Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge.

Legal protections are spotty. U.S. online privacy laws are weaker than those of Europe and much of the world, so you have few federal rights to see and control most of the information that social networks collect about you.

And problems are on the rise. Eleven percent of households using Facebook said they had trouble last year, ranging from someone using their log-in without permission to being harassed or threatened. That projects to 7 million households—30 percent more than last year.
See also:
Is Facebook using logical access control policies to gather information about its users?

China: Fingerprint-on-Chip Passports from May 15

Chinese passports to get chipped (People's Daily)
The new passports will look similar to traditional ones but an electronic chip will be inserted inside containing elements including the holder's name, date of birth, photo and finger prints, said a statement from the ministry.

Under preparation for three years, the new passports will be available from May 15.

Team Nigeria's Biometric Enrollment for London 2012

Nigeria: NSC Begins Athletes, Officials' Biometric Data Capture (All Africa)
The National Sports Commission (NSC) yesterday at the Abuja National Stadium began the second session of the biometric data collection of Team Nigeria's athletes and officials for London 2012 Olympic Games coming up in July.

The exercise, which the first session was carried out in Lagos, is at the instance of the British High Commission in collaboration with the London Games Local Organising Committee (LOCOC) to identify the authenticity athletes and officials for the upcoming 2012 Olympic Games.

South Africa Social Security All-In on Biometrics

SASSA gets biometric system (IT Web)
The South African Social Security Agency (SASSA) will re-register all its beneficiaries through a biometric enrolment system to ensure life verification and identity authentication of beneficiaries.
The article is very short but packed full of information about the problems the new system is built to address and estimates of how much money can be saved in the social security system.

UK Struggling with Both Halves of International Traveler ID

An effective ID management regime must accomplish two things. It must enroll individuals in the ID management system and it must establish a means of verification when an enrolled individual makes a claim as to their identity.

Britain's issues with timely verification have been well documented and well publicized lately.
See: UK Border Scandal Update: Independent Inspector's Report Published and
UK Airlines Warn Government of Potential Gridlock this Weekend.

The enrollment process (collecting information, issuing identity documents such as passports and visas, etc.) had avoided embarrassment... until yesterday, that is.

You can take your pick of the British news outlets below, but the gist of it is that yesterday the UK Border Agency temporarily lost the ability to create enrollments in their ID management system, inconveniencing a whole lot of people.

BBC: UK Border Agency (UKBA) ID card system crashes
CIO: UK Border Agency ID system crashes amid queuing chaos
The Guardian: UK Border Agency computer failure leaves thousands unable to travel
The Register: UK Border Agency servers go titsup, thousands grounded

It's unlikely that there is a technical connection between the problems on the enrollment side and the problems on the verification side of the UKBA ID equation, but there is definitely a management connection. It is also clear that many lack confidence in the international ID management infrastructure of the United Kingdom.

The timing for a crisis couldn't be worse. The UKBA is confronted with the challenge of improving its performance under conditions where simply maintaining its service standards would be seen as a great accomplishment, given the heightened security concerns, increased volume of travelers and the international visibility associated with the Olympics.

Border checks could be eased for 'trusted' passengers to cut queues (Daily Mail)
UK-US Bilateral Border Agreement in the Works? (SecurLinx blog)

Thursday, May 3, 2012

New Standard Protocol Allows Web-Based Biometric Acquisition

New Protocol Enables Wireless and Secure Biometric Acquisition with Web Services (

The WS-Biometric Devices protocol will greatly simplify setting up and maintaining secure biometric systems for verifying identity because such biometric systems will be easier to assemble with interoperable components compared to current biometrics systems that generally have proprietary device-specific drivers and cables. WS-BD enables interoperability by adding a device-independent web-services layer in the communication protocol between biometric devices and systems.
This ought to help out a lot with interoperability. Thanks, NIST!

Shrinking the Sensor

Fujitsu makes vascular biometric sensor small enough for tablet hardware (Softpedia)

UK Political Process Yields Biometric Guidelines

Protection of Freedoms Act comes into force and lays out new laws on DNA retention and surveillance cameras (Out Law)

The new law touches upon CCTV, surveillance, fingerprints, DNA, schools, law enforcement, national security and sets guidelines for the proper handling of biometric information for different combinations of the above.

A new technology is never either entirely good or entirely bad, though by helping people to accomplish more with less effort, successful technologies will, by making the people who adopt them more productive, do more good than harm.

The UK's new law seems to strike a balance that attempts to allow people to capture the productivity gains offered by biometric technologies while mitigating the potential for the abridgment of individual rights either through abuse or unforeseen circumstances. This is as it should be.

The passage of the Protection of Freedoms Act is an important "Biometrics in Society" event and the Out Law article linked above does an excellent job of conveying its breadth.

Wednesday, May 2, 2012

Security word of the day: Steganography

Updated & Bumped...

Steganography (Merriam-Webster)
- the art or practice of concealing a message, image, or file within another message, image, or file

More, including etymology at the link.

Recent news provides us with an excellent example.
Suspected al Qaeda operative encrypted terrorist plans in porn file (The Verge)
...[T]he cards and drive (found in Lodin's underwear) appeared to primarily contain a pornographic movie called "Kick Ass" and a file marked "Sexy Tanja." After weeks of work, however, investigators found that the video was actually a steganographic file, hiding over a hundred hidden documents believed to have come from senior al Qaeda members.

Biometrics Help Increase Access to Banking Services & Reduce Fraud

Tiruvarur tops in biometric card distribution for pension disbursal (The Hindu)
It was a major scam unearthed by the Central Bureau of Investigation (CBI) in September 2010 in the disbursement of Old Age Pension (OAP) to senior citizens that prompted the authorities to explore alternative methods to ensure disbursement of several social security pension schemes.

Traditionally, pensions have been disbursed through the Postal Department.

After the change of guard in the State in May 2011, the new government promptly announced that pensions would be disbursed through banks, a position reiterated by Chief Minister Jayalalithaa even a few days ago...
Read on.

It looks like the UIDAI isn't the only Indian institution trying to get away from the postal service.

h/t @m2sys

Dependable ID Infrastructure Is Really Good for the Economy

India's Digital ID for All Citizens Benefits Entrepreneurs (Innovation News Daily)
Growing numbers of registered citizens may lead to a self-sustaining momentum for the UID program, Sundararajan explained. More businesses will launch new services tied to UID as they see more potential customers lined up. Having more available services can in turn encourage more citizens to sign up for UID.

If the current pace holds up, India will have enrolled about 300 million people (25 percent of the population) by the end of 2012, researchers said. "People have been quick to understand that this is opening up huge new markets," Sundararajan said. "So it's not just for the people who are newly included, but also for people who have a more reliable form of identity."
See also:
Poorest of the Poor Expect to Benefit the Most from India's UID
Empirical Data Support UID as a Means for Reaching the Poor
India: How Much Fraud is Acceptable in NPR, UID
Biometric Identity Management, an Information Age Revolution

Tuesday, May 1, 2012

The Fingerprints of Identical Twins

Identical twins are more likely to have fingerprints of the same type, but prints are not identical.

Identical twins caught red-fingered (
Fingerprints are as unique as snowflakes – or so we’re taught in elementary school. Identical twins, though, provide an interesting caveat to this rule: Not only do they look alike, they are also more likely than non-twins to have similar fingerprint patterns.

These similarities raise potential complications for biometrics-based security systems and crime solvers, but a PLoS ONE paper published Friday suggests there’s no reason to worry.

h/t @m2sys

Another Entertainment Use For Facial Recognition Tech

Phone app uses facial recognition software to determine ugliness
"It wasn't just made up, like, 'Hey this is what I think is beautiful,'" said co-creator Jo Overline. "It's published math behind how it's calculated." The app uses those facts, such as how far apart your eyes are and how big your nose is, to rank your beauty on a scale of 0 to 100; 100 is hot, 0 is not. And the app tells you why you rank a certain way. It took Gilbert native Overline and his partner about a year to develop Ugly Meter Pro, the $4.99 version that uses facial recognition software to determine how attractive you are.
This type of application is more like object recognition than facial recognition for ID management but the two are closely related. See also: Biometrics, object recognition and search.

In other recent news...

Does this Woman Have the Perfect Face? (Time)

Her face was judged the most symmetrical out of 8,000 analysed.

video platform video management video solutions video player

What's Up With Facebook's ID Management/Logical Access Control?

An Exile From the Kingdom of Me (The New Yorker)
Meanwhile, I have sought redress against the charge that I am not who I say I am. I gave Facebook my cell-phone number so they could text me a confirmation code. The text arrived. I tried to log on, and entered the code. To my surprise, Facebook was not assuaged, and gave me another quiz.
Some will interpret the accumulation of obstacles between the user and their Facebook account as reflective of how prevalent unauthorized access to accounts has become. Others will suspect that Facebook is erecting the barriers in order to extract a personal information premium (mobile phone number) in exchange for for removing them.

Is Facebook using logical access control policies to gather information about its users that isn't needed purely for ID purposes? If so, is it likely to annoy Facebook users?

The linked piece is actually more about the ontology of friendship (also a very interesting topic!) than ID and privacy. It is highly thought-provoking and deserving of a quick click-and-read.