Friday, August 24, 2012

Biometrics Uncover 825,000 ID Inconsistencies in DHS Database

Fingerprint Records Reveal 825,000 Immigrants With Multiple Names (Mashable)
Many of the situations involved women who legally altered their names. “We found that nearly 400,000 records for women have different last names for the same first name, date of birth and [fingerprint identification number],” he wrote. “These instances are likely women who changed their names after a marriage.”

During the study, auditors examined records covering 1998 through 2011.

Most of the time, US-VISIT personnel try to resolve cases in which people who appear to be one and the same have different information listed in records, the auditors found. The researchers are not specifically targeting scams, Deffer explained. Accidental typos, the fact that various immigration-related agencies use incompatible data formats and other keying mistakes are factors they look for when probing mismatches. During the course of typical procedures, US-VISIT has picked up on only two instances of fraud, agency officials reported to the IG.

The enormity of the conflicting data, however, may obscure actual fraud. “These inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud,” he wrote.
As they grow and age databases can get really junked-up. Biometrics, in this case fingerprint biometrics, can be extremely helpful in maintaining their integrity. The database involved here is the on maintained by the US Department of Homeland Security US-VISIT program. It contains (wait for it) information, including a fingerprint, on all visitors to the US. The fingerprint has been the linchpin of the audit that discovered 825,000 database errors because it is the only  piece of truly unique and durable, personal information stored.

Before automated fingerprint ID systems (AFIS), combinations of data were used to reduce ID error rates to some reasonable approximation of zero. While names, birth dates, and other descriptors aren't unique, multiplying them together works pretty well for a while. Working against this system are legal name changes and human typographical errors in data entry which have the database effect of creating a whole new person,  which runs counter to the reasons for keeping such a database in the first place.

See Biometric "Fix" Identity which takes on this issue from the angle of intentional fraud.