Wednesday, October 31, 2012

Bikini Detection algorithm raises the stakes in social media

Add bikinis to the list of objects recognizable by computer algorithms.

IPhone app that finds racy Facebook photos raises privacy worries (Los Angeles Times)
“This is a very touchy subject, of course,” Barto said. “Anything that’s readily available on Facebook, that’s what we can search. Those privacy tools on Facebook should be used to control the content that you want to be private.”

The app works in a similar way to the facial-recognition technology found in video chat programs and Facebook’s tag prompts. But instead of identifying faces, Badabing identifies the shape of a bikini. That means in addition to beach photos, the app may return pictures of a T-shirt with the outline of a swimsuit.
Object recognition is really starting to take off.

Related: Biometrics, object recognition and search

Benghazi: US uses face rec to confirm that suspect held in Tunisia was present at attack

US officials ID'd Libya attack suspect on surveillance video, sources say (FOX)
Ali Ani al Harzi and one other suspect were detained at an airport in Turkey in the days after the attack while travelling with false documents, and Harzi now has been identified as being present at the attack using the images obtained from the consulate compound video, Fox News' sources say.
...
Harzi was transferred to Tunisian custody, but U.S. interrogators so far have not had access to him, much to the frustration of American authorities. Even so, U.S. intelligence agencies have confirmed through facial recognition technology that the Tunisian was present the night of the consulate attack.

Baby Biometrics

Special squad to trace babies stolen from hospitals (Times of India)
The court even suggested use of biometric identification for newborns and matching tags for the kid and the mother. The guidelines were issued after a baby was stolen from the civic-run Sion hospital.
Biometrics are especially useful for identifying people who can't identify themselves.

Tuesday, October 30, 2012

More information on the NIST Biometric Conformance Test Software

Are your biometrics up to snuff? Free suite tests for compliance (GCN.com)
The BioCTS suite checks that the record of an iris image or other piece of biometric data being used has the correct data and in the order called for by the standard, so that it can be sent to and received correctly and filed accurately by any user, from the Homeland Security Department to state and local police departments. The conformance testing provides programmers, users and product purchasers with an increased level of confidence in product compliance and increases the probability of successful interoperability.

The tests do not ensure interoperability of different products, however; only that they adhere to common standards, Podio said. “Conformance increases the probability of interoperability, but cannot ensure it because of all the possible implementations that can be included” in a product. Each developer can implement different profiles from the standard, depending on how the product will be used.
More good analysis and links at the GCN link above.

Monday, October 29, 2012

Sri Lankans need fingerprint visa to get into Malaysia

Lankans also need ‘bio-visa’ to enter Malaysia (Daily Mirror)
Touted to be the first-of-its-kind “Bio-Visa” to be introduced in the world, those who do not comply with the Immigration Department’s proposed Biometric-Visa will be slapped with a “Not to Land” (NTL) notice and turned back.

Papua New Guinea: Biometric Voter Registration by 2017

Electronic registration for voters in PNG planned for next election (Radio New Zealand International)

Biometric system keeps excluded man from attending Boca Juniors-River Plate game

Argentina’s derby of derbies ends all-square (The Star - Malaysia) 
Meanwhile, security measures appeared to have worked efficiently after a renowned figure among Boca’s ‘barra brava’ or hooligan fringe was picked up by biometric identification system and was refused entry to the venue.

Mauro Martin tried to get into the game but Interior Minister Florencio Randazzo said he had been caught in the net and was prevented from attending after his fingerprints were checked.

During the summer, Martin required hospital treatment for a gunshot wound suffered in a confrontation between rival Boca hardcore followers.
Here's the scene yesterday at the 'Bombonera' in Buenos Aires. It's obviously an incredible atmosphere.


Notice that the players seem to be deposited into the center of the field via a long protective tube.

Getting Banking Security Right in a Mobile World

Security as a Service (Michael Nuciforo at Finextra)
One of my pet hates with most mobile banking projects is how security is treated as an adjunct rather than a key scope item. Any product or marketing manager worth their salt knows the number one reason consumers don’t adopt mobile banking services is security concerns. The reason security is treated as a ‘black sheep’ is that it isn’t doesn’t deliver tangible customer satisfaction improvements. And even though customers expect it, they don’t often get excited about it. A change in mind-set is required. Security should be treated as a service. If you get it right, and promote it appropriately, it could be the key factor in your bank achieving above normal user adoption.
Good advice to banks follows.

India Round-up

Security equipment industry grew by 25% in last 3 yrs - Compared to 7% for the rest of the world. (moneycontrol.com)


India tries handing out cash to poor - Those waiting on the cash probably want somebody to try harder. (news24)


Jharkhand: Slow state to review ration card pact - when asked, the food and civil supplies minister admitted that at present no steps were being taken to introduce biometric system in PDS supplies. (Yahoo)


PM gives Aadhaar awards in Rajasthan (Yahoo)


OPINION: An informed choice (on technology and economic growth) (Hindustan Times)


OPINION: Blundering on land & Aadhaar (Kashmir Times)

James Bond used a fingerprint reader in 1971

That's earlier than I would have thought!

Top 50 tech moments of the James Bond franchise

The fingerprint reader appeared in Diamonds are Forever.

Friday, October 26, 2012

Biometric Chat on Iris Biometrics November 1

When: November 1, 2012 

11:00 am EDT, 8:00 am PDT, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST) 

Where: tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat

What: Tweet chat on iris biometrics technology with Jeff Carter, Chief Strategy Officer of @EyeLockCorp

Topics: Differences between iris and retina biometric identification technologies, using iris recognition to identify the unconscious, public acceptance of iris biometrics compared to other biometric modalities, iris biometrics and mobile device user authentication, iris biometrics accuracy compared to other biometric modalities, and more!

More information at the M2SYS blog.

I always enjoy these. 

Tune in, dial up, surf over (or do whatever it is you do to navigate the interwebs) and join in the conversation.

Here's some background on Jeff's vision for iris biometrics.




UPDATE: A good time was had by all. In case you missed it and would like to see how it went, the Twitter Biometric Chat transcript on Iris biometrics is up at Storify.

Tech for better management

5 Cutting Edge Ways to Combat Employee Theft (CNBC)
Problem No. 1: Taking money from the register
Problem No. 2: Copying the company's digital assets
Problem No. 3: Stealing customer data
Problem No. 4: Pilfering products
Problem No. 5: Cheating on time sheets



Thursday, October 25, 2012

Kenya Elections: Many reasons for worry

The whole sad saga dating to September of last year is here.

Today's news doesn't inspire optimism that Kenya can deploy a successful biometric voter registration system (which, without voter verification, is really only half of a biometric election system anyway) by March.

The Biometric Voter Registration Kits are late.

Anxiety is also increasing due to several other factors that are well covered in Fear grows over delays in voter registration at the Kenya Standard.

That fear has grown to the point where public officials are publicly beginning to wonder whether there isn't some conspiracy afoot that aims to delay elections. Placed against the historical backdrop of Kenya's electoral experience — only three presidents since 1964, and many hundreds killed following the last presidential elections in 2007 — it's no wonder Kenyans are starting to worry.

Correctly deployed and well managed biometric voting technology can be extremely helpful in bringing rigor and transparency to electoral systems at a cost that less developed countries can afford. Through careful planning and wise investments in technology, countries can build an affordable and rigorous ID infrastructure that strengthens democracy, which in turn opens the door to other benefits.

The systems themselves are technically complex but there are plenty of organizations like SecurLinx that can supply the technical expertise to implement them. The technical complexities, however, make up only a fraction of the overall bureaucratic load of running a decent election.

The logistical and human resources challenges are far larger and more expensive to address than the technical challenges of biometric systems.

Like we always say... Biometrics & ID management: it's about people.

UPDATE: 
Kenya: Justice Minister Eugene Says Treasury Was Poll 'Saboteur' (All Africa)
Yesterday Prime Minister Raila Odinga chaired a crisis meeting at his office to resolve the delay in the procurement of the Biometric Voter Registration kits with the IEBC top officials, Finance minister Njeru Githae, Justice minister Eugene Wamalwa, Lands minister James Orengo and Treasury PS Joseph Kinyua among others.

However President Kibaki missed the meeting for a second time. On Tuesday Wamalwa accused "some people" of attempting to sabotage preparations for the polls.

"There was an anxiety and finger pointing that had started creeping in. The culprits I had in mind were actually the Treasury," said Wamalwa who had promised to name the saboteurs.

UID isn't painless but neither is the status quo

India risks backlash hurrying through Aadhaar project
The pilot project in Beelaheri, a village of 2,000 people some 130 km (81 miles) southwest of Delhi, replaces kerosene subsidies with cash rebates and has been running since December. It has massively lowered demand for the subsidized fuel, which weighs on government finances.

But teething problems are immediately visible.
The headline's a bit harsh but the piece is well worth reading in its entirety.

Supermarket chain in France becomes first in the world to use biometric payment method

Interesting use of hardware at 0:39 in the video below.



The "card sheath" hardware is interesting. I'm curious about how the payment system works end-to-end.

This will be worth keeping an eye on.

Wednesday, October 24, 2012

FTC Freestylin' on Face Recognition

Federal Trade Commission Staff Report Recommends Best Practices for Companies That Use Facial Recognition Technologies


Mission of the Federal Trade Commission...
To prevent business practices that are anticompetitive or deceptive or unfair to consumers; to enhance informed consumer choice and public understanding of the competitive process; and to accomplish this without unduly burdening legitimate business activity.


In December of last year, the Federal Trade Commission (FTC) hosted a workshop – “Face Facts: A Forum on Facial Recognition Technology” to examine the use of facial recognition technology and related privacy and security concerns.

Monday, the FTC released two documents summing up the effort. The first is the Staff Report, a 21 page attempt to synthesize the views of the forum's participants and FTC staff into an authoritative guide. The second is a dissent from the 4-1 vote in favor of releasing the staff report.

In my opinion, Best Practices for Common Uses of Facial Recognition Technologies falls a little short for a couple of reasons. First, of the staff report's three cases, only one — the Facebook case — is actually a facial recognition application. Then in the other instances where the report deals with facial recognition proper, it does so in a wholly hypothetical way. This approach runs the risk of being seen by many as falling outside the ambit of the FTC's mission.

I have selected passages from both documents mentioned above for examination because they lie at the heart of the whole exercise. They are a distillation of what the entire project was about and has concluded. The entire documents are available via links below for those who seek more information.

from the Staff report... (pdf at FTC.gov)
To begin, staff recommends that companies using facial recognition technologies design their services with privacy in mind, that is, by implementing “privacy by design,” in a number of ways. First, companies should maintain reasonable data security protections for consumers’ images and the biometric information collected from those images to enable facial recognition (for example, unique measurements such as size of features or distance between the eyes or the ears). As the increasing public availability of identified images online has been a major factor in the increasing commercial viability of facial recognition technologies, companies that store such images should consider putting protections in place that would prevent unauthorized scraping which can lead to unintended secondary uses. Second, companies should establish and maintain appropriate retention and disposal practices for the consumer images and biometric data that they collect. For example, if a consumer creates an account on a website that allows her to virtually “try on” eyeglasses, uploads photos to that website, and then later deletes her account on the website, the photos are no longer necessary and should be discarded. Third, companies should consider the sensitivity of information when developing their facial recognition products and services. For instance, companies developing digital signs equipped with cameras using facial recognition technologies should consider carefully where to place such signs and avoid placing them in sensitive areas, such as bathrooms, locker rooms, health care facilities, or places where children congregate.

Staff also recommends several ways for companies using facial recognition technologies to provide consumers with simplified choices and increase the transparency of their practices. For example, companies using digital signs capable of demographic detection – which often look no different than digital signs that do not contain cameras – should provide clear notice to consumers that the technologies are in use, before consumers come into contact with the signs. Similarly, social networks using a facial recognition feature should provide users with a clear notice – outside of a privacy policy – about how the feature works, what data it collects, and how it will use the data. Social networks should also provide consumers with (1) an easy to find, meaningful choice not to have their biometric data collected and used for facial recognition; and (2) the ability to turn off the feature at any time and delete any biometric data previously collected from their tagged photos. Finally, there are at least two scenarios in which companies should obtain consumers’ affirmative express consent before collecting or using biometric data from facial images. First, they should obtain a consumer’s affirmative express consent before using a consumer’s image or any biometric data derived from that image in a materially different manner than they represented when they collected the data. Second, companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer’s affirmative express consent. Consider the example of a mobile app that allows users to identify strangers in public places, such as on the street or in a bar. If such an app were to exist, a stranger could surreptitiously use the camera on his mobile phone to take a photo of an individual who is walking to work or meeting a friend for a drink and learn that individual’s identity – and possibly more information, such as her address – without the individual even being aware that her photo was taken. Given the significant privacy and safety risks that such an app would raise, only consumers who have affirmatively chosen to participate in such a system should be identified. The recommended best practices contained in this report are intended to provide guidance to commercial entities that are using or plan to use facial recognition technologies in their products and services. However, to the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC. If companies consider the issues of privacy by design, meaningful choice, and transparency at this early stage, it will help ensure that this industry develops in a way that encourages companies to offer innovative new benefits to consumers and respect their privacy interests. [ed.: bold emphasis mine]

The fist paragraph above is common sense. For example: "Companies should establish and maintain appropriate retention and disposal practices for the consumer images and biometric data that they collect." Who could argue with that?

I believe many on all sides of the facial recognition issue will find the Face Facts forum findings disappointing and I think the second italicized paragraph above best encapsulates why. In it, the FTC staff report loses coherence.

Let's examine it in detail.

1. The staff report doesn't confine itself to facial recognition proper.

Staff also recommends several ways for companies using facial recognition technologies to provide consumers with simplified choices and increase the transparency of their practices. For example, companies using digital signs capable of demographic detection – which often look no different than digital signs that do not contain cameras – should provide clear notice to consumers that the technologies are in use, before consumers come into contact with the signs.

Demographic inference isn't facial recognition and nowhere does the FTC staff make a case that a computer guessing at gender, age or ethnicity has any privacy implication, at all. And then, even if that case is made, the task of tying the activity back to the FTC's mandate remains.

¿QuĂ©?
The recommendation that someone "should provide clear notice to consumers that the technologies are in use, before consumers come into contact with the signs," however reasonable it seems in theory, is odd in practice. The old microwave-and-pacemaker signs come to mind. But then where would an ad agency put those signs if they wanted to do advertising on, say, a city street? [Bonus: would it be appropriate to use language detection technology in those signs in order to display the warning message in a language the reader is judged more likely to understand?]

2. Next there's a nameless "social network" — no points for guessing [See: Consumer Reports: Facebook & Your Privacy and It's not the tech, it's the people: Senate Face Rec Hearings Editionwhich — that  is hypothetically doing the exact same things a non-hypothetical social network actually did without much in the way of an FTC response.

Similarly, social networks using a facial recognition feature should provide users with a clear notice – outside of a privacy policy – about how the feature works, what data it collects, and how it will use the data. Social networks should also provide consumers with (1) an easy to find, meaningful choice not to have their biometric data collected and used for facial recognition; and (2) the ability to turn off the feature at any time and delete any biometric data previously collected from their tagged photos.

This is the closest the document ever gets to a concrete example of facial recognition technology even being in the neighborhood of an act the FTC exists to regulate and the staff of the FTC still doesn't abandon the hypothetical for the real world.

3. Then there's the warning that the FTC would take a dim view of two types of hypothetical facial recognition deployment each of which would require its own dedicated staff report in order to make a decent show of doing the topic justice.

Finally, there are at least two scenarios in which companies should obtain consumers’ affirmative express consent before collecting or using biometric data from facial images. First, they should obtain a consumer’s affirmative express consent before using a consumer’s image or any biometric data derived from that image in a materially different manner than they represented when they collected the data. 

This is far too general to be useful. The above would seem to preclude casinos from using facial databases of known or suspected cheaters, a proposition few would argue.

Then there's the question of what makes biometric data so special? Should the same standards apply to all personal data or just pictures of faces?

For the situation above to apply to the FTC's mandate a practice would have to be deemed "deceptive" or "unfair" and if a practice is deceptive or unfair when a face is part of the data being shared, how does using the data in a substantially equal manner cease to be deceptive and unfair by omitting the face? The report is silent on these points.

Second, companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer’s affirmative express consent. Consider the example of a mobile app that allows users to identify strangers in public places, such as on the street or in a bar. If such an app were to exist, a stranger could surreptitiously use the camera on his mobile phone to take a photo of an individual who is walking to work or meeting a friend for a drink and learn that individual’s identity – and possibly more information, such as her address – without the individual even being aware that her photo was taken. Given the significant privacy and safety risks that such an app would raise, only consumers who have affirmatively chosen to participate in such a system should be identified.

This hypothetical future app does exactly what anyone can pay a private detective to do legally and today. If the FTC isn't taking action against PI's, it would be extremely helpful of the FTC to make clear to buyers and sellers of facial recognition technology the distinctions they see between the two.

Then, towards the end of the excerpted text, perhaps sensing how far ahead of themselves and the mission of the FTC they have gotten, a couple of sentences later (bold sentence) the staff report essentially says, "Never mind. We aren't formulating new policy here. We're just freestylin."


However, to the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC. If companies consider the issues of privacy by design, meaningful choice, and transparency at this early stage, it will help ensure that this industry develops in a way that encourages companies to offer innovative new benefits to consumers and respect their privacy interests. [ed.: bold emphasis mine]

With the possible exception of the "social network" example, pretty much everything in the document goes beyond existing legal requirements enforced by the FTC. So what's going on here?

My hunch is that someone at the FTC became concerned over a "social network" terms of service issue and rather than deal with it as a narrow terms of use issue — an issue seemingly right in the wheelhouse of the FTC's mission  under the "deceptive or unfair" part of their mission — decided instead that it was a technology issue and that it was both possible and desirable to address the far bigger issues of facial recognition technology, ID and society in a coherent way, forgetting that doing so requires a novel interpretation of the FTC's mission. Once that decision was made, the best practices document, flawed though it is, was about the best that could be hoped for... which brings us to the dissent.

The decision to release the Face Facts staff report wasn't unanimous. Commissioner Thomas Rosch thought releasing the report at all was a mistake. Several paragraphs of the dissent follow below.

The last paragraph quoted below is particularly convincing.

then the lone dissent... (pdf at FTC.gov)
The Staff Report on Facial Recognition Technology does not – at least to my satisfaction – provide a description of such “substantial injury.” Although the Commission’s Policy Statement on Unfairness states that “safety risks” may support a finding of unfairness,3 there is nothing in the Staff Report that indicates that facial recognition technology is so advanced as to cause safety risks that amount to tangible injury. To the extent that Staff identifies misuses of facial recognition technology, the consumer protection “deception” prong of Section 5 – which embraces both misrepresentations and deceptive omissions – will be a more than adequate basis upon which to bring law enforcement actions.

Second, along similar lines, I disagree with the adoption of “best practices” on the ground that facial recognition may be misused. There is nothing to establish that this misconduct has occurred or even that it is likely to occur in the near future. It is at least premature for anyone, much less the Commission, to suggest to businesses that they should adopt as “best practices” safeguards that may be costly and inefficient against misconduct that may never occur.

Third, I disagree with the notion that companies should be required to “provide consumers with choices” whenever facial recognition is used and is “not consistent with the context of a transaction or a consumer’s relationship with a business.”4 As I noted when the Commission used the same ill-defined language in its March 2012 Privacy Report, that would import an “opt-in” requirement in a broad swath of contexts.5 In addition, as I have also pointed out before, it is difficult, if not impossible, to reliably determine “consumers’ expectations” in any particular circumstance.

In summary, I do not believe that such far-reaching conclusions and recommendations can be justified at this time. There is no support at all in the Staff Report for them, much less the kind of rigorous cost-benefit analysis that should be conducted before the Commission embraces such recommendations. Nor can they be justified on the ground that technological change will occur so rapidly with respect to facial recognition technology that the Commission cannot adequately keep up with it when, and if, a consumer’s data security is compromised or facial recognition technology is used to build a consumer profile. On the contrary, the Commission has shown that it can and will act promptly to protect consumers when that occurs.
To summarize, Rosch points out that the FTC staff report:
  • Exceeds the FTC's regulatory mandate
  • Makes no allegation of consumer harm
  • Is so overly broad as to be unworkable
  • Provides no support for the conclusions it draws
The FTC would perhaps have been better served had more Commissioners taken Rosch to heart. As it happens, the FTC staff report over reaches, under delivers, and deviates from the organization's stated mission and the results aren't pretty.


NOTE: This post has been modified slightly from the original version to add clarity, by cleaning up grammar, spelling or typographical errors.

...and a couple from India



India tries handing out cash to help teeming poor (Asia One)
"On the basis of Aadhaar, we can ensure that the benefit of schemes reach genuine beneficiaries and that there is no mediator," Prime Minister Manmohan Singh said last weekend.

India subsidises everything from fertilizer and food to kerosene so cutting waste is crucial to the government's drive to rein in its budget deficit.



Aadhaar will now be used as identity proof, for bank KYC (TMCNet)
So, when a bank asks for your ID proof to open an account, all you will have to do is tap on a device that reads fingerprints and the information will be transmitted electronically in an encrypted form. The front desk will receive a message saying that the information has been received and has matched with the data available, explained an official.

Africa round-up


CAMEROON: Biometric Registration - 4,501 Registered in South West Region


GAMBIA: IEC Presents Report at the National Assembly


GHANA: National Health Insurance Authority to issue instant biometric IDs soon


SOUTH AFRICA: Harsh jail time for fake marriages


KENYA: Canada, Kenya finalize deal to supply Kenya with voting kits



First word about the FTC report

I'll have much more to say on the topic, perhaps later today, but the first clutch of analysis of the FTC's findings following the Face Facts workshop is starting to come out.

The best two examples I have seen so far are:
FTC Issues Privacy Guidelines for Facial Recognition Technology (eWeek)
FTC Issues Guidelines for Facial Recognition (Multichannel News)

Brian Prince at eWeek gets, I think, gets at two very important aspects of the FTC's efforts: the degree to which Facebook is the elephant in the room; and the dissenting voice of Commissioner Thomas Rosch who thought releasing the report at all was a mistake.

John Eggerton at Multichannel News gives a down the middle summary of each of the two points of view (pro and con). Then he really gives the dissent the attention it deserves. The quotes from Daniel Castro, senior analyst at the Information Technology & Innovation Foundation, that close the article are highly appropriate.

Tuesday, October 23, 2012

CSI: Bangkok

Far from the blue lights and sunglasses of TV dramas, Thailand's crime scene investigators undertake painstaking work (Bangkok Post)

What is the best biometric?

I often get asked what is the best biometric modality.

The article below is a good example of why the answer is always, "That depends; what are you trying to accomplish?"

Eye of the Beholder: How Iris Biometrics Could Help Solve Hospital Patient ID Problems (Becker's Hospital Review)
One of the other major benefits, according to Mr. Powe, is the hands-off approach — literally. Patients do not have to touch any equipment with an iris scan, which helps hospitals in their infection control efforts.

"Since you don't have to touch it, it's an infection control measure," Mr. Powe says. "A lot of people don't come to the hospital because they are healthy. With palm scanning, you put your hand down, then sanitize it and clean it to keep someone from passing infections. But that's not the case here. You just sit in a chair, line your eyes up with a camera, take the picture and you're done."

Monday, October 22, 2012

Kenya Biometric Elections: A long way to go and a short time to get there.

Here's the latest on Kenya's efforts to build a biometric voter registration database by March.

Polls agency accuses AG of blocking cash for vote kit (Daily Nation)
Attorney-General Githu Muigai was on Sunday accused of holding up preparations for the election by refusing to authorise payment to a French company.

The Independent Electoral and Boundaries Commission said the registration of voters, which is two months behind schedule, remains in limbo until the AG gives Treasury the go-ahead to issues letters of credit (LC).

Until he does so, Biometric Voter Registration equipment cannot be delivered and no date can be set for the registration to begin.
Read the whole thing. Kenya has a long way to go and a short time to get there.

UID & Corruption in India

Nilekani slams Kejriwal, says passing a law can't solve the corruption problem (IBN Live)
Speaking to CNN-IBN Deputy Editor Sagarika Ghose, Nilekani said, “I m as much for fighting corruption as the next guy. But, I certainly don’t believe that by passing a law or putting more penalties on bureaucrats or creating more inspectors is going to solve the corruption problem. That's absolutely the wrong prescription. Fixing delivery system is more important. Fight corruption by having a bunch of OB vans is not going to solve the problem.”
There's a short video at the link. Sorry, I couldn't embed it. I tried. I failed.

In a separate matter — i.e. the minister in the next article isn't the person Nilekani "slams" above...

India minister denies theft rampant in $14-B food program (Business Mirror - Philippines)
India’s system of distributing food to the poor isn’t corrupt, according to Food Minister K.V. Thomas, who rejected findings by the World Bank, Supreme Court and news investigations that rampant theft is depriving as many as 160 million families of nourishment.

About 5 percent to 10 percent of the food meant for the poor is lost, and that is due to mismanagement, Thomas said in an interview at his office in New Delhi.

The World Bank pegged the figure at 58 percent, in a 2011 report based on government data, and blamed it on graft and wastage. A Supreme Court fact-finding commission declared in the past year that the distribution system in major states had failed in its mission.

Friday, October 19, 2012

South Carolina: Fingerprints for School Lunches

Some SC lunchrooms use finger scanning technology (Fox Carolina)
If the pilot programs continue to go well over the next few months, the other elementary schools in Anderson District 5 could see the scanners soon. If lunches go well, the technology may be used in media centers when kids check out books.

UID Benefits: Better compliance, Reduced leakage, Increased efficiency and accountability

Move to plug loopholes in India’s welfare schemes (Gulf News)
New Delhi: Prime Minister Manmohan Singh and Congress party president Sonia Gandhi will launch the nationwide Aadhaar Enabled Service Delivery on October 20 to plug loopholes in implementation of welfare schemes.

The applications will be launched from Dudu in Rajasthan, marking the second anniversary of the Unique Identification Authority of India (UIDAI).

“This will lay the foundation for cash transfers... The prime minister has already launched an architecture for the purpose,” Nandan Nilekani, chairman of UIDAI, which gives the Aadhar numbers, told reporters Friday.

Thursday, October 18, 2012

A couple of updates from the industry

AOptix Announces Company Reorganization (Security Info Watch)
Last week, AOptix, a California-based developer of biometric identity and wireless communications solutions, announced that it is reorganizing the company into two distinct business units; Identity Solutions and Communications.

EyeLock Inc. announced Texas-based McDonald Technologies International will manufacture the EyeSwipe-Nano® and EyeSwipe-Nano TS products. (Press Release via Melodika)
"EyeLock is growing rapidly and has conducted a comprehensive search for the right manufacturing partner to support our growth and global distribution," said Jim Demitrieus, Chief Executive Officer of EyeLock Inc. "Finding a domestic manufacturing partner was of the utmost importance to the company and MTI's location will allow us to work closely with their engineers to continually improve upon our value proposition."

Mississippi pauses Biometrics pilot for subsidized child care vouchers

The Mississippi program to bring rigor to the identity management protocols of providers who receive parent-controlled vouchers for caring for children in poor families is still struggling.

We first wrote about this deployment here in "Biometric deployment winners and losers."

Since then, the Jackson Free Press has published two more articles that warrant mention.

Following the DHS Scanner Money

DHS Pauses Finger Scan Expansion.

This story continues to provide good examples of the technical challenges associated with large scale biometric deployments as well as the management challenges of increasing oversight and accountability.

India: Biometrics help make Old-Age pensions easier to collect

Micro-ATM using Aadhaar data delivers cash to villagers (The Hindu)
Rampati Debbarma, a 71-year-old tribal woman of Burakha village in West Tripura district on Thursday pressed her finger on an Aadhaar-enabled micro-ATM to get her old-age pension in cash.
...
“Earlier, I used to walk about 10 km from my village to Mandwi Block headquarters for withdrawal of my pension from Gramin Bank, but today I got it at my doorstep,” she said.

Wednesday, October 17, 2012

EU Urges Google on Transparency

EU regulators say Google must revise its privacy policy (The Verge)
The EU is fine with Google's unified privacy policy acting as a "general guideline" about its operations, but it wants the search giant to return to its old system, which provided specific privacy notices for each Google product. It says these product-specific privacy policies must include "simple and clear explanations" on when, why, and how location, credit card, unique device identifiers (UDIDs), and telephony data is collected, along with information on how users can opt out. It asks that Google adds a specific clause for biometric data where necessary as there is currently no mention of facial recognition in its privacy policy.

Knitting UID Together

Nationwide Aadhaar-based payment launch on Saturday (Business Standard)
About two years after the allotment of the first set of Aadhaar numbers in September 2010, Prime Minister Manmohan Singh is slated to announce the national launch of a payment system based on these numbers. The function is at Jaipur on Saturday, with United Progressive Alliance (UPA) Chairperson Sonia Gandhi present.

Bureaucratic challenges to faster airport checks

Speeding up airport security checks depends upon airlines ability to work together and with the TSA.

TSA Limited By Airlines In Trying To Speed Airport Checks (Manila Bulletin)
TSA has relied on airlines to nominate PreCheck candidates from among their best customers. Because not all airlines participate, and some consider frequent-flier information secret, a passenger qualifying under one airline can’t use PreCheck if flying another carrier. Agency officials said they don’t have the technical capability now to create a clearinghouse that might resolve the roadblock.

More on the UK's new Identity Assurance Approah

Identity, Privacy and Trust: How I learned to stop worrying and love identity assurance (Computer Weekly)
The past week has seen a surge in media coverage of the government's new Identity Assurance (IDA) programme, as the Department for Work & Pensions prepares to announce the first group of Identity Providers (IDPs) to be awarded services under their procurement framework. Those who know me will be aware that I played a minor role in trying to persuade the last government to change it's plans for ID Cards, and that I became known as an opponent to that scheme; but for the past two years I've been engaged by the Post Office to support the shaping activities around the the development of the Identity Assurance programme.

So what persuaded me that IDA is a good idea?
Read the whole thing.

New NIST tools for testing against standards

New NIST software checks performance of biometrics applications against 2011 standard (PhysOrg)
A new software test suite developed at the National Institute of Standards and Technology (NIST) allows local and federal agencies and other users of the NIST's revised biometric standard to gain higher confidence that the correct biometric information can be shared between agencies accurately and rapidly.

Tuesday, October 16, 2012

Brazil takes another step toward nationwide biometric adoption for elections

Brazil: The numbers of a vigorous democracy (Jamaican Observer)
Initiated in the early 1990s, the use of electronic ballot boxes was implemented in the entire country in 2000, at the most remote localities, as well as abroad (where citizens voluntarily registered can vote for the resident). Security, durability and handling easiness are some of the characteristics of the Brazilian electronic ballot box, which makes possible the nearly immediate counting of votes.

Balloting security being one of the pillars of a truly democratic system, the Brazilian electoral justice has remained committed to the continued improvement of electoral processes and technologies. For instance, biometric ballot boxes were introduced for over seven million registered voters during the municipal elections. This feature should be extended to the entire country by 2018, an ambitious objective, bearing in mind the always increasing number of registered voters.
Brazil has been phasing in biometric elections for some time now, with the goal of nationwide adoption of biometrics for elections in 2018.

See:
Brazilian election biometrics have 93.5% success rate - and that was in 2010.

Brazil and Biometric Elections - where the 2018 goal is mentioned.

Monday, October 15, 2012

Playing it down the middle

Biometric ID advance ignites debate over rights (Trib Live)
Long envisioned as an alternative to remembering scores of computer passwords or lugging around keys to cars, homes and businesses, technology that identifies people by their faces or other physical features finally is gaining traction, to the dismay of privacy advocates.
A balanced article on the tension between biometric technology and privacy.

UAE: The World's most complete ID management laboratory

Emirates ID has world’s largest integrated biometrics (Go Dubai News)
Dr. Al Khouri added “providing a comprehensive database of inhabitants’ fingerprints, will contribute and support projects related to Emirates national vision 2021, aimed at enhancing the security and advancement of society, as well as supporting e-government projects through authenticating personal identity in e-transactions conducted over the Internet, thus contributing to hindering the risk of identity theft that increases day by day worldwide. This criminal behavior caused losses estimated at hundreds of billions of Dirhams.

He explained that the Authority succeeded in this achievement, as a result of the reengineering of registration procedures and the improving of electronic infrastructure, through the use of modern and high quality electronic hardware and software specialized in capturing high quality fingerprints.

India: Biometric machine for a better welfare system

This ‘speaking’ machine can curb misuse of ration (The Hindu)
Unlike smart cards, which can be pledged or could be handed over to another to get the benefits, biometric system prevents the misuse of ration card. Also, only genuine below poverty line card holder approaches the PDS shop as the well-to-do persons, who hitherto used to send their representatives/ agents to buy the products, hesitate to personally visit the shop, Mr. Gowda said.
This machine can help overcome the economic disadvantages of illiteracy collect better data on food disbursements, reduce the black market in welfare benefits, and can reduce the welfare benefits that accrue to those who do not qualify for particular programs.

But it's not just the machine. There seems to be a system behind the hardware that can monitor the whole program in near real time.

Pretty cool deployment. I hope it works out.

This one reminds me of a system we developed to monitor teacher time-and-attendance for an aid project in West Africa.

Biometrics a key part of growing market for Electronic Security Systems

Growing Security Concerns and Demand from Developing Markets Drives the Electronic Security Systems Market, According to New Report by Global Industry Analysts, Inc. (Press Release via Yahoo & PRWeb)
Another noteworthy trend is the shift in preferences towards integrated electronic access control systems & advanced network systems. Given their ability to enable the integration of existing access control systems with other security services, IP based open-architecture systems will witness increased demand in the next few years, thereby adding to the revenue stream. Access control systems that offer remote access via web browsers or virtual private networks (VPNs) are turning out to be highly popular among businesses organizations, especially SMBs, thereby driving access control system installations. Biometric technologies such as voice and face identification solutions, iris scanners, hand geometry systems, and fingerprint scanners also offer bright prospects for the biometric access control market. Poised to gain are biometric physical access systems, which seamlessly combine with time & attendance, payroll and other human resource application systems.
The global market for Electronic Security Systems (ESS) is projected to reach US$62.5 billion by 2018.

The paragraph quoted above certainly matches what we've been seeing in the market lately.

Friday, October 12, 2012

Friday Roundup

INDIA: It's good to have goals — 'Aadhaar' card for everyone in Punjab by March (Daily Bhaskar)

ZIMBABWE: Biometrics in Border Migrant Reception Centre (African Press Organization) There seems to be a lot of migration within Africa. Biometrics can help countries gather better data about what's going in that regard.

APPLE: Patent applications suggests hidden sensors suitable for biometrics (UK Register) "'Electronic devices are becoming more and more sophisticated, capable of performing a multitude of tasks from image capture to identity verification through biometric sensors,' patent application 20120258773 notes. That's the good news; the bad news is that each new sensor clutters up the seamless shiny-shiny of an iDevice."

BUT WAIT, THERE'S MORE: Apple Wants To Use Your Fingerprints to Unlock Your iPhone (gizmodo)

UPDATED: Ukraine, Biometric Passports and the Politics of ID

Yanukovych: Ukraine to fulfill obligations on introduction of biometric passports (Kyiv Post)

Ukraine has had a hard time with implementing a biometric passport.

First, there are real and compelling reasons for adopting a new document standard for passports that uses a chip to hold information (including biometric information). Defense against document fraud, human trafficking and other types of organized crime spring immediately to mind.

Then there is the pressure from Europe to modernize ID documents. Because of Europe's huge market, cultural importance and proximity to many non-EU countries, there is a lot of international travel to and from the EU. At the same time, the relative wealth of the EU countries compared to the countries with which they share land borders creates incentives for extra-legal behavior (immigration, smuggling, organized crime, etc.) that might be lowered by adopting more rigorous ID management practices.


The EU is driving its end of the bargain by harmonizing travel and ID practices within the EU (plus a few other countries; see Schengen Area) and offering visa-free travel to citizens of countries that make it easier to administer cross-border traffic through better document technology and law enforcement cooperation.

So what's not to like?

ID documents are, of course, extremely political. They are also a source of revenue to the authorities that issue them and the companies that supply the materials, services, or the manufacturing related to them.

For the nation of Ukraine and Ukrainians who are frequent international travelers successful passport modernization would be a good deal with the state collecting fees that frequent travelers can afford to pay and who are, in turn, compensated with smoother border crossings. Ukrainians who don't, won't or can't travel would be left alone.

So what's not to like?

Ordinary Ukrainians weren't sure about the second part and the international travelers weren't sure about the first part.

A year ago, the deliberations on ID document modernization in Ukraine took place under a cloud of suspicion that the new document wouldn't actually move the country to visa free travel to Europe, would cost a lot, and since Ukrainians already carry domestic passports, foreign passports, social identity cards, identity cards for insured people, pension certificates, certificates of persons with disabilities, and driving licenses, many (enough, apparently) suspected that the true impetus behind the effort was just another opportunity to collect fees and/or throw a new contract to a connected firm and they worried that the effort might not be limited to international travel documents.

Ukrainian President Viktor Yanukovych vetoed the effort of last year and the initiative seems to have been resurrected as something resembling the more optimal approach described in theory above.

It's not a done deal yet but it looks like Ukraine is making progress.

NOTE: This post has been modified slightly from the original version to add clarity.

UPDATE:
Valeriy Khoroshkovskiy is the first deputy prime minister of Ukraine. Perhaps more relevant to our discussion here, he also used to run the State Customs Service.

His piece today in the Kyiv Post is much lengthier than other treatments of Ukraine's regional integration efforts which tend to be very narrowly focused.

In it, he discusses in more detail many of the topics we touched on above, including:
  • Visa free regime with the EU; 
  • Biometric passports;
  • Other identity documents;
  • Human trafficking;
  • and the flip-side of organized crime, corruption.

Thursday, October 11, 2012

More Biometrics for Banking on Development

Taking Banks to India's Poor
Award: Start Up of the Year
Name: Manish Khera, CEO, FINO
Age: 41
Why He Won: For setting up the largest banking correspondence network in India and bringing financial inclusion to millions of people across 26 states, and using mobile tech in a smart way. It is poised to become the country’s largest banking correspondent.
You can make a lot of money catering to the poor.
It had invested in technology, had the sales force on the ground, and was flush with money. FINO’s custom-built devices went a long way in ensuring that its customers stayed connected to the grid. Their ‘pod machines’, hand-held biometric devices that recorded customer fingerprints, reduced the risk of fraud to a great extent. Its machines function both online and offline, so money still got transferred in areas without any network. By January 2010, it had 10 million customers (across 15 banks). It added another 15 million in the next year and doubled the base to 50 million by August 2012, two-thirds of the clientele base in the sector. It’s eyeing 100 million by 2015.
See also our post from earlier today:
Biometrics + Banking → Rising incomes in Malawi which describes more of a pilot project and study, but the numbers are also very impressive.

Now those are some scare quotes I can get behind.

Biometric attendance ‘fails’ at BMC offices (Financial Express)
Despite efforts to make attendance tracking more transparent, within just a year, the BMC’s bio-metric attendance system has proven to be a dud.

According to the response to an Right to Information (RTI) query filed by citizen Sharad Yadav, of the 1,081 bio-metric attendance machines installed in the civic body’s offices across Mumbai, just about 300 are functional.

The current market rate for these machines ranges from Rs 10,000 to Rs 20,000 per machine.
I'm curious about what's going on here: Weak management? Lack of tech support? Poorly chosen vendor? There could be a lot of reasons for failure, but it's not like biometric time-and-attendance is rocket science. At this point it's pretty well understood.

New Bond film is right up our alley

From the trailer it looks like the new James Bond movie, Skyfall, will deal with some of the things that keep us going here.

It begins with the loss of a hard drive containing the identity of every agent embedded in terrorist organizations across the globe.

Then, about 53 seconds into the trailer, Q issues 007 a biometric gun coded to his palm print so only he can fire it. "Less of a random killing machine; more of a personal statement."

International Day of the Girl

Today is the Day of the Girl, internationally recognized by the United Nations.

Map: What Countries Have the Worst Gender Gaps? 
Plus, a simple yet powerful solution to help close the gender gap. (Slate.com)
Here’s how our proposed solution works: Use biometric identification, such as digital finger prints or retina scans, to give girls a formal economic identity and make sure they are counted and served by new policies and programs. Then build on advances in electronic payments and mobile money, which allow automatic provision of financial services via a digital platform or mobile device. This helps make sure the girls—not corrupt government officials or pesky relatives, for example—receive aid money. Transfer dollars electronically through systems linked directly to savings accounts owned and operated by the girls. Finally, tap into behavioral economics, which shows that simple “nudges” can lead to savings habits, asset accumulation, and investments in education, health and enterprise.
As we've said before, you can't be a fully functioning member of the modern world without a legitimate ID.

Israel: Interior ministry wants tourists' biometrics

Israel to create tourist biometric database? (Ynetnews) According to Interior Ministry proposal, visitors refusing to provide fingerprints will be banned entry.

Pretty soon everyone will be doing this; Ghana already does something similar at the Accra airport. I can't see why Israel would issue tourists an ID card though . On the one hand, isn't that what a passport is for? On the other, if they're collecting biometrics why not use them?

Biometrics + Banking → Rising incomes in Malawi

Fingerprints for financing: Removing some risk from lending in Africa (PhysOrg)

Read the whole thing or at least watch the video below.
They were paprika farmers in Malawi participating in a new study that shows fingerprinting can help encourage borrowers to repay their loans. Like many impoverished countries, Malawi lacks a national identification system. Most of the population lives in rural areas with few government services. Even ID as basic as a birth certificate is rare in the southeastern African nation.

Another amazing thing abuot the study is that it found a 234% ROI on biometric spending and that loan performance among the riskiest contracts nearly doubled.

Biometrics can be a leapfrogging technology for building better institutions in the developing world.

Wednesday, October 10, 2012

Kenya: High Court judge rejects Biometric Voter Registration Kit procurement complaint

Kenya: Activist Fails to Stop Voter Registration Kit (All Africa)
For the second time in less than two weeks, a High Court judge has declined to stop the procurement of Biometric Voter Registration Kit meant for March 2013 general election. Judge David Majanja refused to give temporary order sought by activist Okoiti Omtatah and businessman Shailesh Kumar Nataverbhai.

The two sought to stop the supply of BVR kits on grounds that the procurement process does not meet the requirements under the constitution. Omtatah said the procurement process was neither fair nor competitive and as a result the court should stop the contract.
We've followed the developments in Kenya with great interest.

See:
Strange Things Afoot in Kenya Biometric Voter Registration Procurement and
Kenya Biometric Voter Tender: Curiouser & Curiouser

Or, better yet, click the 'Kenya' label in this post's footer and get caught up all at once.

Biometrics in Art: Finger Portraits


Ditology: http://ditology.blogspot.com.au/
Artist flicks the finger to biometric age with eerily familiar portraits (Perth Now)
Concerned with the ‘complex mysteries of identity’ Dito wanted to create a viral project which would inspire people to think about their own ‘digital identities’.

Using fingers and even his own unique finger-print seemed like the perfect illustration of this given what a tool it has become in the modern era of touch-screens, mouse pads and keyboards.

Hope for a Grand Bargain among India's ID Bureaucracies

PAN, AADHAAR, NPR govt looks at grand alliance (Business Standard)
The thought of making PAN the national identification number has lost its fizz but the government is now taking steps to link it to AADHAAR and NPR (National Population Register).

A provision has already been made to provide AADHAAR number allotted by the Unique Identification Authority of India (UIDAI) to the Indian citizens in PAN application Form 49A on voluntary basis.

The existing PAN holders can also add information of their AADHAAR number to the I-T department while applying for a new PAN card or making some changes or correction in their existing PAN details.
...
The Registrar General and Census Commissioner of India also proposed to the Central Board of Direct Taxes (CBDT) recently to link PAN with NPR. Under the proposal, Ministry of Home Affairs will store PAN information along with the NPR data on the smart card to be issued as Resident Identity Cards.
That just might be crazy enough to work.

Tuesday, October 9, 2012

UID Update

It has been a while since we've had occasion to talk about India's UID project and the Times of India has published a couple of articles that refocus our attention on it.

The two Times of India articles illuminate the way forward for UID. The first one linked below is very detailed and explains the bureaucratic arrangement between UID and the NPR (National Population Register) as well as the general outline for the permanent status of the initiative.

The second covers similar ground from a more sensationalist perspective. Both are worth reading because they rely on different sets of facts.

The third article linked below shows why UID is so important to India's development. The goal of universal electric and natural gas service is only achievable in an environment of accountability fostered by a system where everybody has an ID.

Stand up for the count, no escaping the card (Times of India) 
In case you're scared of missing the Aadhaar bus, count on the National Population Register camps.

The state Directorate of Census Operations and the UID Implementation Committee will set up permanent NPR centres for those left out in the first or second phase of data collection. The directorate, with its limited funds, has been publicising the compulsory registration for NPR, of which Aadhaar is a crucial part. But several residents have either been left out or have opted out because they don't yet understand how important it is to be counted.

"NPR will continue forever, because every child over five years must be enrolled..."


Got Aadhaar number? Now wait for the real card (Times of India) 
Elated to be one of the "fortunate" few to have received the 12-digit Aadhaar number? Call us a spoilsport but it isn't of much use. The glossy strip of paper is certainly not "the card" that everyone has been talking about for nearly five years.

Bengal is not among the 19 states where the Unique Identification Authority of India (UIDAI) directly issues the Aadhaar numbers. If you live in this state, your UID number has to be ratified by the Census Directorate before it is embossed on a Resident Identity Card (RIC). That's at least two years away.

As of now, the UID lies as the victim of flawed policy. Those who had their fingerprints taken and retinas scanned a year ago are clueless about what happens next.


Affordable electricity for all in next 5 years: Manmohan Singh (Business Today)
He said in one pilot scheme in Mysore district of Karnataka, 27,000 deliveries of subsidised cylinders have been made after successful biometric authentication of any family member present at home.

"In the next phase it is planned to transfer the subsidy amount directly to the bank accounts of bona fide beneficiaries," he said.

Monday, October 8, 2012

Argumentum ad Verecundiam

NFC to stick finger in biometrics banking: Expert (ZDNet)
While Australian banks have been elusive about plans to implement customer-facing biometrics technology, its use in banking will become mainstream in the near future, and may even be used in conjunction with other technologies, like NFC, according to Dr Ted Dunstone.
Since the release last week of a study suggesting that 79% (background here & here) of Australians are open to fingerprint biometrics for banking, the topic has garnered a lot of interest.

Much of the recent press analysis on the subject has taken the form of Argument from Authority (argumentum ad verecundiam for you Latin speakers out there) i.e. talking to experts and writing down what they say.

This type of argument, in itself, is neither good nor bad but it can be done well or poorly. The article linked above is a good example of the former.

Challenge!

Theft of fingerprints easier than cutting off a finger, security experts warn (News.com.au)
Associate Professor of math and geospatial sciences at RMIT University, Dr Asha Rao told News Ltd that a cyber criminal wouldn't need your finger or retina in order to steal the stored data.

''When you watch political or forensic dramas, they show you the fingerprint but that's not really what is stored as it would take too much time to cross reference,'' Dr Rao said.

''To complete the biometric scans you don't need my finger, you need the hash of the biodata.''

A hash is like an algorithm or template that can be used to decode your data. ''If you steal the template, then you've basically lost your fingerprint,'' she said.

''It's actually easier to break than cutting off people's fingers.''

Oh, yeah?
Challenge!

Step one. Have the experts in question turn this into a fingerprint. Yes, it is a real fingerprint template; no hacking required.

2aba08229b3b2a44e72c8f14da168a560a3caf2257add068a7fc1636215bff53152546da3fc8071ea84433a42261f4ff7bc3b455199be8980eea2bb1e922f18aa309e050130d72ca124ecd6e9e86459e60858ff44f71d0c1c4e23b97a9a6554619543e8d347f79ea8fa70db87eaea7f37bf2cac4e697d5525479cc72fb653b5d32089e7b3cbcd01f8dba60eda95a50a31b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c 

Step two. Have the experts in question cut off someone's finger.

Step three. Have them explain which task they'd rather repeat.


"You want a toe?"


[I'll bet both tasks are much more difficult either from a technical or humane point of view than stealing and using a password. I assume that's why they are hackers instead of, well, you know - "hackers." And while, at least according to Walter Sobchak, "I can get you a toe," fingers are a little harder to come by. After all, people are going to need them to get at their cash.]




Bonus: Explain why any of this should cause any of the reported 79 per cent of Australians who would be comfortable using fingerprint biometrics to verify identity to change their mind (background here & here).


Friday, October 5, 2012

U.S. Special Operations Command wants some biometrics

Army Special Operations surveys industry for the latest in fieldable tactical biometric devices (Military & Aerospace)
Tactical biometrics experts at U.S. Special Operations Command (SOCOM) at MacDill Air Force Base, Fla., surveying industry for the latest technologies to conduct facial, fingerprint, and iris recognition in the field during sensitive military operations.

Microsoft Acquires Mobile Hardware Security Firm

Microsoft Boosts Mobile Security with PhoneFactor Acquisition (CMS Wire)
Microsoft will be able to tout these features as built-in or an option once the acquisition and integration is complete. PhoneFactor currently offers services for enterprise, government, banking healthcare and other verticals, while also supporting Citrix, IBM Tivoli and VMWare.

It claims that the PhoneFactor Agent service reduces the risk of compromise and increases security with benefits including; instant fraud alerts, biometric voice authentication and transaction verification, with the advantage of no extra dongles or training needed.

Thursday, October 4, 2012

Thursday roundup

There's just too much news on biometrics and ID today to do it all justice so here are a few blog-worthy stories I just couldn't get to:

US Private Sector Homeland Security Market - 2012 Edition. There is a trend towards upgrading of outdated security infrastructure, including cyber security, chemical & HAZMAT industry security, smart grid security, perimeter security, biometric ID, IT systems and workforce & visitors screening systems. Over the next five years, the US private sector HLS market is forecast to grow at a CAGR of 7.7% from $8.6 billion in 2011 to $12.4 billion by 2016.



Palm scanners to pay for school lunch concern some Maryland parents. About 20 percent of parents have declined to participate in the program.



Cameroon: Here Comes Biometric Voter Recompilation. The recompilation of the electoral register using biometric technology is intended to tackle problems of multiple registration and other noticed lapses so that future elections in the country are transparent, free, fair and credible.



The Defense Manpower Data Center is making it easier for service members and their families to get and maintain identification cards.



"CONTROVERSIAL"!
UK Government to piggy-back on private relationships for public ID? Government may allow people to use their mobile phones and social media profiles as official identification documents for accessing public services.

UAE: Travel without boarding pass

Dubai: Biometric self-boarding, self bag drops and ‘bagtrac’ smartphone applications — a host of new technologies will change the face of air travel in the region. (Gulf News)
“Soon you won’t need your boarding pass,” said Andre Oeyen, Director of Biometric Business Development, Government and Security Solutions at SITA, a global air transport communications and information technology major.

Speaking to XPRESS on the sidelines of the ICT Aviation Forum in Dubai on Tuesday, he said: “We are in talks with airlines and airports in the region to launch biometric self-boarding in the first half of 2013.”

However, he did not specify the names of the airlines or airports. He said biometrics is already being used for border management and immigration in Dubai, and if extended to boarding, it will be the next dimension.
Faster please.

Australia: More on survey of attitudes toward banking biometrics

Following yesterday's post "Customers Embrace 'Controversial' Technology," comes more detailed information about the survey behind the article.

Australia and New Zealand Banking Group : No cash, no worries your fingerprint will do, new survey reveals (Press Release at 4-traders)

No cash, no worries your fingerprint will do, new survey reveals

Seventy-nine per cent of Australians said they would be comfortable with fingerprint technology one day replacing their banking PIN and more than one third of Australians would prefer to live in a cashless world according to a new survey released today.1 The Newspoll survey commissioned by ANZ also found Baby Boomers are giving younger generations a run for their money, with nearly three quarters of those aged 50-64 more likely to use digital technology over a bank branch for day-to-day banking transactions.

Australians have adopted digital habits for most of their banking needs and will increasingly look to technology to make their financial lives easier in the future, with the survey finding:

• Not surprisingly 88 per cent of people aged 18 - 34 prefer to use digital technology over a bank branch for day-to-day transactions but their Mums and Dads weren't far behind at 75 per cent;

• 38 per cent of Australians would prefer to live in a world where they didn't need to carry cash;

• 40 per cent of people even accepted the idea of one day outsourcing their finances to a digital personal assistant - an intelligent computer program which makes financial decisions and moves money between accounts on your behalf;

• 49 per cent of 18 -34 year olds like the idea of a digital personal assistant but

with only 30 per cent of Baby Boomers indicating they would be likely to use the technology;

• 67 per cent of Australians would be comfortable using a machine that scans your eye to verify identification in place of a pin; and

• 73 per cent of people find it inconvenient when small businesses don't accept cards and only cash, with 82 per cent of 18-34 year olds finding cash only policies the most frustrating. There's more in the press release at the link. See also: ANZ rolls out new customer-facing tech (itnews)

UK Surveillance Commissioner Speaks

CCTV Technology has ‘Overtaken Ability to Regulate it’ (Wall Street Journal)
“A tiny camera in a dome with a 360-degree view can capture your face in the crowd, and there are now the algorithms that run in the background. I’ve seen the test reviews that show there’s a high success rate of picking out your face against a database of known faces.”

Research into automatic facial recognition being carried out by the Home Office has reached a 90 per cent success rate, he said, and it was “improving by the day”.
The headline quote comes from this more detailed article from The Independent, and might best be taken as a warning rather than a statement of fact. After all, if meant literally, the statement belongs in a resignation letter.

Surveillance Commissioner Andrew Rennison:
Let's have a debate – if the public support it, then fine. If the public don't support it, and we need to increase the regulation, then that's what we need to do."
Sounds like Transparency and Consent to me.

Mexico: New State-of-the-Art Prison

Jail having state-of-the-art technology opens in Mexico (News Track India)
The prison features cutting-edge technology, including 1,200 security cameras, X-ray equipment, scanners, gear to detect the molecular presence of drugs, biometric readers to monitor people entering and leaving the facility, and equipment to block telecommunications signals, Calderon said.

New European Data Protection Supervisor Opinion on Data Privacy & Biometrics

Privacy guardian wants one EU rulebook on ID databases (The Register)
"The EDPS [ed. European Data Protection Supervisor] considers that the proposed Regulation should establish a minimum set of requirements, in particular with respect to the circumstances, formats and procedures associated to security as well as the criteria, conditions and requirements, including the determination of what constitutes the state of the art in terms of security for electronic trust services," it said.

The watchdog said that if common security requirements are not to be set out in the new laws, then provision should be put in place to allow the European Commission to "define where needed, through a selective use of delegated acts or implementing measures, the criteria, conditions and requirements for security in electronic trust services and identification schemes".

Assistant EDPS Giovanni Buttarelli, who signed the opinion, said that the proposed new law should set out a requirement that trust service providers and electronic identification issuers should have to provide individuals who use their services with "appropriate information on the collection, communication, and retention of their data". He added that those organisations should also have to provide individuals with "a means to control their personal data and exercise their data protection rights".
The world can always use more Transparency and Consent.

Special attention for biometric data follows the section quoted above.

The pdf of the Supervisors report can be found here:
Opinion of the European Data Protection Supervisor on the Commission proposal for a Regulation of the European Parliament and of the Council on trust and confidence in electronic transactions in the internal market (Electronic Trust Services Regulation)

Wednesday, October 3, 2012

Mobile fingerprint biometrics: Show me the sensor

Meet the Australian biometrics company working with Apple on ID technology (Smart Company Australia)
The head of an Australian biometrics company which scored a key contract with Apple says the future of mobile technology will be closely linked with fingerprint scanning and other ID tech, especially as phones and payment systems become entwined.
See yesterday's post. Here's a snippet.
Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple's future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven't been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren't any applications that use it. Application developers won't develop applications that can't be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone's microphone for voice and camera for face, and now, perhaps, palm-based biometrics.
A lot of very smart people are talking like mobile device + fingerprint + NFC + payments is going to happen. Fingerprint sensors have to start showing up on mobile devices first, though.