Thursday, February 28, 2013

ROI, baby!

Security Concerns No Longer Drive Biometric Technologies (AFCEA) — “We’re looking at this change from a security focus to a convenience, automation and cost-savings focus. That’s driving the market today. Commercial organizations will drive the market for the next 10 years,” Potter stated.
End of the line for online passwords, says PayPal (BBC)
So the industry is looking to ditch passwords, and is turning to a variety of solutions, such as voice recognition, key stroke analysis and finger print identification.

Payments firm PayPal is one of those leading the changes, and president David Marcus says the aim is to make the whole process seamless.

"Like magic, you'll be authenticated, and the payment will go through," he tells BBC World Service's Business Daily.

"We want to move away from passwords, and get to embedded fingerprint scanners on mobile phones

Seen on twitter...


Wednesday, February 27, 2013

USA Today Editorial duels Op-Ed on biometric exit monitoring system

Border security not just about walls: Our viewUSA Today Editorial Board
A full biometric system plus immigration agents plus court personnel would cost tens of billions that the government doesn't have. But if this year's immigration reform is to prove more effective and durable than those of the past, this would be a good time to face up to the costs.


We can identify those who overstay on visasDavid Heyman, assistant secretary for policy at the Homeland Security Department
Ultimately, biometric exit is not the only exit system that exists. Rather than wait for a time when there is enough funding or capability, we have built and are improving a system that is effective today.

The findBIOMETRICS Newsletter is out

findBIOMETRICS Newsletter for Monday, January 28th, 2013

findBIOMETRICS is a great resource that covers a lot of content that we at the SecurLinx blog don't, partly because Peter already does such a great job with findBIOMETRICS. He also creates a lot of new and valuable content through interviews and origintal reports.

The tenth annual biometrics year in review [pdf] is an excellent example.

Tuesday, February 26, 2013

Which technology will revolutionize hotel room keys?

Hotels are already equipping their doors for the future — Examining technologies that can bring "non-stop check-in" to hotels at Hospitality Net.

The contenders:

  1. Smartphone with app 
  2. Traditional mobile telephone 
  3. Universally programmable key (includes certain advanced house, office or car keys) 
  4. PIN code 
  5. 2-D barcode 
  6. Fingers, hands or eyes (guests tend not to leave these items at home)

Author Keith Gruen breaks down the pros and cons.

Raconteur special report on biometrics

I've been waiting for this since I first became aware that Raconteur's special report on biometrics was in the works. It doesn't disappoint.

Click here for the report's home page. Or here for the pdf version.

The report includes a useful infographic: Biometrics by the Numbers

Click image for large version hosted at Raconteur.

Articles in the report:

Oldest ‘new’ technology is science of the future

Make way for knobbly kneed ID… or who’s this ear?

The workplace just got smarter as business wakes up

Using your body as a security shield to safeguard data

Blame bad policy not the technology

Striving to do the right thing

Future of biometrics is in hand

"Oldest ‘new’ technology..." and "Blame bad policy..." are particularly good.
...[S]he wanted to stress a larger point -- that seeing her name attached to the card gave her a sense of belonging and identity beyond its functional purpose.

Ajay Banga, President and CEO of MasterCard Worldwide, gives his take on biometrics, development and his company's role.

Africa: Where a More Inclusive Future Is Being Written (Huffington Post)

Who would handle the verification end of a US biometric ID system?

Bruce Kennedy at MSN Money does a good job documenting some challenges associated with a national biometric ID in the United States in Should the US have a national biometric ID card?

Appropriately, cost, culture and the mechanics of a possible future system are addressed.
But because biometric enrollment without biometric verification is a half-measure, the thing that really caught my eye was the part about how the verification end of a theoretical future biometric ID system might work.
Should a biometric ID card become a reality, Haag envisions a new micro-market emerging, of companies creating portable employee-verificatio​n systems that would offer their services to other businesses. "Something along the lines of...these trucks driving around now that do all the shredding that guarantee all of your sensitive documents will be 100% shredded," he says. "I think it would be cost-prohibitive for small business to acquire and maintain the hardware and the software necessary to do it themselves."
Haag's vision of mobile verification is interesting. We've touched on two other possibilities, neither of which depends strictly upon a national system, in the past in:

The Post Office, Identity Assurance & Biometrics
ID Entrepreneurs: Criminal Background Checks

If you only have time for one of the two, the Post Office one is the way to go.

Monday, February 25, 2013

Philippines makes it official: biometric voter registration required for 2016 elections

Biometrics now in force to cleanse voters’ list (Manila Standard Today)
Voters who fail to submit for validation on or before the last day of filing of application for registration for purposes of the May 2016 elections shall be deactivated.

“It is the policy of the state to establish a clean, complete, permanent and updated list of voters through the adoption of biometric technology,” the new law read.
Mandatory Biometric Voter Registration Introduced in Philippines (Future Gov Asia)
The new law prohibits the use of the database of voter information for “any purpose other than for electoral exercises”, and requires the Comelec to keep the database secure.
Of course, we'll await news of any plans for biometric voter verification.

New Dell tablet appears to have a static fingerprint reader

Judging by one of the photos accompanying this item at GottaBeMobile.com, the new Dell Latitude 10 tablet incorporates a static fingerprint reader on the back.

The "static" part of static fingerprint reader refers to the finger as the user interacts with the hardware. With a static reader the finger is held stationary against the sensor. The swipe reader requires the user to drag a finger across the sensor. Though the software behind the swipe reader sensor has improved over time, I've found the swipe sensors more difficult to use than static sensors. Nevertheless, probably due to cost considerations and the availability of real estate available for situating the sensor hardware, the swipe fingerprint readers were preferred by the first generation of hardware manufacturers to incorporate fingerprint sensors into mobile devices like laptops and mobile phones.

So, it seems like some combination of the following statements must be true:
-The hardware cost of the static sensors, compared to swipe sensors, has come down*;
-The static reader hardware has gotten smaller;
-The market demand for fingerprint biometrics on mobile hardware has risen;
-And I'm not the only one who prefers using static readers.

Another observation:
It's difficult to tell from the photo, but the fingerprint reader still looks awfully small — roughly the size of the cell phone camera also visible in the image.

Here's a good static vs. swipe summary.




*To keep this apples to apples we're going to leave optical scanners out of this discussion altogether.

Thursday, February 21, 2013

Feb. 21, 2013: Biometric Chat on Biometrics & Development

UPDATE and bumped:

Today's biometric chat was perhaps the best yet. Having two interviewees sitting across the internet table from John at M2SYS worked quite well. With the two participants, Alan Gelb and Julia Clark, multiple lines of conversation could develop while, thanks to John and the other participants, they remained relevant to each other and the larger topic of Biometrics and Development. The resulting conversation was faster-paced than usual and a lot of ground was covered. Many thanks to John, Alan and Julia and all who participated.

In case you missed it, or would like a chance to review it, John has posted the transcript at Storify.

If you're interested in the subject pf biometrics (and if you're here, you probably are) please consider joining in the next one either to ask questions, to answer them, or to give your opinion on topics of interest in biometrics and identity management.

Originally published on Feb. 12, 2013

When:
February 21, 2013 - 11:00 am EST, 8:00 am PST, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

Where:
tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat)

What:
Tweet chat on the use of biometric identification in developing countries to help bridge the identity gap with Alan Gelb (@AlanHGelb) and Julia Clark (@juliamgclark) from the Center for Global Development.

Topics:
How biometric identification helps to promote development, risks and challenges of using biometrics, emerging trends and their implications, and more.

More at the M2SYS blog.


Earlier topics have included privacy, mobile biometrics, workforce management, biometrics in the cloud, law enforcement, privacy again and modalities such as iris and voice.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

Social media critique with a bleg for some biometrics already

The recent Burger King and Jeep twitter account hacks inspired Charlie Wollborg's Having your social media feed hacked is forgivable; being boring is not at Crain's Detroit Business.

Of course there's a biometrics tie-in but the article is a fun read for those who are interested in the social media as well.

The biometrics part:
Can we unleash a few of our most talented geeks on making biometric security apps to the smartphone? Every sci-fi and spy movie in the last 50 years has shown our heroes using fingerprint scanners, retinal scanners and voice print identification. Forget the flying car, just bring me a biometric security app!
We're working on it!

And then there's the social media critique.
So yes, Burger King and Jeep had to deal with being hacked, but look at the opportunity! All eyes were on their social media feeds! What did they respond with? More of the same boring, bland content. Reading the last 30 twitter updates for both brand will give Lunesta a run for it's money. Overly promotional. Instantly forgettable. Yawn.

Being hacked is forgivable. Being boring is not. A status update should not be a to do item. Don't just post to post...
Good advice follows. I'd like to think we...

Wednesday, February 20, 2013

Ukraine mulls biometric voter verification for Members of Parliament

UDAR suggests taking fingerprints of MPs (forUm) "A new voting system, which reads fingerprints of MPs must be introduced in the Parliament, deputy leader of the UDAR Party faction Vitali Kovalchuk said on the sidelines of the Verkhovna Rada, ForUm correspondent reports."


Piecing this together from a couple of places at http://en.for-ua.com. The main story linked above is very short. There is also a photo gallery of the event where the press was invited to witness "the working of the voting system 'Rada-4'".

I took the above photo from that gallery. Is that an optical fingerprint reader illuminating the hand in the photo?

If so, and I realize I'm piling speculation atop a mere suggestion, it would mark an interesting development in the administration of legislative bodies. 

The São Paulo City Council instituted a biometric time and attendance system, but I'm not aware of a biometric system used in a legislative body to ensure that the person casting a vote is a member and that the member in question isn't going around to all the empty desks and voting in the place of his absent colleagues. 


Tuesday, February 19, 2013

US visa overstays: An ID problem or a management problem?

Everyone except the Department of Homeland Security (the US Congress apparently mandated a biometric exit logging system over a decade ago) seems to agree that a biometric check in/check out system is the way to go, but according to:

U.S. Struggles to Nab Visitors Who Overstay (Yahoo)
The department is no longer focused on implementing a biometric system, one relying on fingerprints or other unique personal markers, to make sure someone leaving the country is the same person who entered on a particular visa. Instead, the department has begun comparing lists of people with expired visas with lists of foreigners who depart through airports and seaports.
In order to be appropriately bewildered, one really must read the article in its entirety. For example: Among the reasons cited by the Secretary on behalf of the famously frugal DHS is that a biometric system would be "extraordinarily expensive."

Monday, February 18, 2013

Grenada tightens up ID, votes tomorrow

Grenadians elect a new government tomorrow (Caribbean 360)
Grenada (CIA World Factbook)
The elections will be monitored by observer teams from the Caribbean Community (CARICOM), the Commonwealth and the Organization of American States (OAS).

The OAS has also been providing technical support to validate and verify the integrity of the new voter registration system.

At the end of a two week mission the OAS submitted a Report which concluded that “the introduction of biometric identification cards and an electronic voter database constitute significant improvements in voter security, relative to the processes that were previously in place.”

Making sure houses meant for the poor go to the poor

MHADA eyes biometric system to crack down on lottery winners (Mid Day) Housing body may use biometric machines to scan finger, retina of lottery winners to curb illegal buying, selling and renting of flats post-purchase in this year's lottery. If people come to see a social program as too easy to abuse, it will be hard for that program to keep the people's confidence.

Biometrics as engines of cultural change

The West African Examinations Council (WAEC) in Sierra Leone is adopting a new biometric system to reduce impersonation among test takers and also to help eliminate bureaucratic errors.

We've covered the return on investment (ROI) of biometric ID systems quite extensively and the decision makers at the WEAC obviously saw the ROI potential of adding a biometric check to the testing process. Something else we have talked about (and it's one aspect of biometrics that is intensely interesting to development types) is the accountability biometric systems can help bring to organizations and the cultural changes better ID management allows for.

Sheriff Sapateh, Head of the WEAC National Office gets this part, too:

WAEC launches Biometric Registration system (Awoko h/t @Argus_Global)
The Head further noted that examination malpractice unlike HIV/AIDS has a cure, adding that in order to win the war against examination malpractice there must be a holistic effort by all stakeholders in the education sub-sector.

He said that to avert a total collapse of our education system, there is a need for an entrenchment of a culture of examination ethics which is the respect for the rules, regulations, expectations, codes of conduct and moral principles governing the conduct of assessment and evaluation system, not only in educational institutions but in all sectors of the economy.
Using better ID management techniques can help to develop and encourage a more ethical culture — one less hospitable to corruption. Managers who understand this and want to do something about it have an ally in biometric ID management systems.

Friday, February 15, 2013

Philippines moves closer to biometric national ID

National ID system hurdles 2nd reading (ABS-CBN News)
The proposed "Filipino Identification System Act" aims to reduce red tape in government, Bichara said.

"The bill will reduce costs and lessen the financial burden on both the government and the public brought about by the use of multiple ID cards and maintenance of redundant databases containing the same or related information," he added.

Nomadic Norwegian ghost children!

ID scams may lead to DNA testing (Views and News from Norway)
Calls were being made this week for mandatory DNA-testing of children born at home in Norway, following several welfare fraud cases involving women who claimed benefits for children they never had. More than 70 children have been deleted from the state’s public register (Folkeregister) because they didn’t exist.

Newspaper Aftenposten reported this week that state welfare agency NAV had uncovered the scam carried out by Roma women in Norway. NAV revealed that the children had never been born and that their “parents” had received more than NOK 30 million (USD 5.5 m) in welfare benefits. Some of the children had existed on paper since 1995.

Coopetition: Biometrics and Passwords

Startup Prepares Alternative to Online, Mobile Banking Passwords (American Banker)
As banks struggle to move past passwords, a Silicon Valley startup is taking a stab at a fingerprint and facial recognition standard backed by some heavy hitters — PayPal and Lenovo among them.
Despite hopeful initiatives, demise of passwords years away (CSO)
Security pros have been saying for years that password protection is not enough. And this week, two groups -- one private, one public -- announced initiatives to create more secure ways to authenticate identities online.

Several security experts, who would love to see passwords retired, said they will be watching those initiatives with interest, but don't expect mainstream change for at least the next several years.
Passwords are the ID management security method everyone loves to hate. So why are they still everywhere? Why is their number growing without signs of slowing?

In their A Research Agenda Acknowledging the Persistence of PasswordsCormac Herley and Paul C. van Oorschot tell us why.
Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats.
The part about them being essentially free requires qualification (which the authors offer), but that's a pretty impressive list.

So it's good thing for us in the biometrics business that biometrics don't need to supplant the password altogether. For the moment biometrics can't compete on cost to root passwords out everywhere. But I'd like to discuss two (there are more) instances where biometrics can and should be used to limit the risks organizations expose themselves to by over-reliance upon passwords.

Databases of customer information should be biometrically protected. 
From an organizational point of view, for many many service providers, allowing customers and users to protect their individual accounts with passwords, exposes the organization as a whole to minimal risk. Some relatively predictable number of users who use passwords will choose poor passwords, some will become victims of phishing scams. If the costs of sorting these cases out are less than the costs associated with burdening all users with more onerous security protocols, then the password is the appropriate solution. But at some point, all databases of user/customer information should be protected with biometric access control methods because, while having occasional users pick weak passwords or get tricked into giving them away is one thing, hackers making off with the entire database of user/password information is something else altogether. Requiring biometric verification of all human database Administrator logins would go a long way to lowering the biggest risk of passwords: their wholesale theft. In many ways the Admin level is the perfect point to introduce these more rigorous security protocols. There aren't (or shouldn't be) too many Admins, so the inconvenience falls on as few individuals as possible. Admins are tech savvy, so they should be able to adapt to the new security environment quickly. They should have an understanding of why the extra step is worth the effort. It's their responsibility to keep the keys of the kingdom. Perhaps most compelling, they're the ones on the hot seat when the CEO is out apologizing to all and sundry following a data breach.

Biometrics can also be used to overcome some of the limitations of passwords in more mundane password use models.
Biometrics can facilitate the use of more complex passwords that change more frequently and hence are more secure. [See the laptop fingerprint sensor (i.e. biometrics to control a password management application).]

In higher value authentications, biometrics can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4 digit PIN provides far stronger authentication than any password a human could be expected to type*. In other words, biometrics can be combined with rudimentary passwords to bring an end to the "password arms race" where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.




















*This type of model also has virtues regarding the irrevocablility of biometric identifiers, a discussion of which is beyond the scope of this post.

Thursday, February 14, 2013

Pakistan may require a fingerprint check to purchase a cell phone

Pakistan is considering requiring a fingerprint check as part of the process of purchasing a SIM (Subscriber Identity Module) card as a way of more definitively tying mobile phones to their purchasers.

Nigeria implemented a similar system beginning in 2010.

There are several reasons that countries would want to do this, most related to making it easier (or even possible) to investigate crime. Mobile phones are critically important tools in such criminal enterprises as ransoming kidnapping victims and organized robbery. Terrorists depend upon mobile phones both for communication and to detonate explosive devices.

Tele-operators briefed on biometric system (The Nation)
“NADRA being the sole custodian of biometrics of over 96 percent total population of the country, has offered the biometric solution in the wake of Interior Ministry’s grave security concerns over the use of cellular devices in terrorist plots,” the spokesperson said. It should be noted that on December 1, 2012, the Prime Minister, after taking notice of insecure sales mechanism for issuance of SIMs, directed all telecom companies to employ biometric verification for SIMs issuance within two months’ time.

Wednesday, February 13, 2013

Consequences of the Coriander kerfuffle?

300 errant UID agents blacklisted (DNA India h/t @M2SYS)
Following complaints about agents doing the rounds of Aadhaar enrolment centres seeking money from applicants, the state government and UniqueIdentification Authority of India (UIDAI) have blacklisted around 300 such errant operators in Mumbai.

“Around 300 operators have been blacklisted in Mumbai,” said Ajay Bhushan Pandey, Deputy Director General, UIDAI, adding that this had been done because of complaints regarding money being sought from applicants, proliferation of agents at centres, irregularities and quality issues.
Following such high-profile cases as giving vegetables ID's (and them presumably charging the government for it), a purge of unscrupulous and/or ineffective UID enrollment agents has been a long time coming.

A scam involving shaking enrolees down would be far more difficult to detect using automated means than determining which agencies showed higher-than-average rates of submitting bogus enrollments, so I'm glad the UIDAI is willing and able to send actual agents to enrollment centers where there are reports of agents soliciting bribes.





Biometrics reveal improperly issued drivers licenses in New Jersey

Yesterday we concluded the "perfect is the enemy of good" post, with the observation that the merit of biometric ID systems is established when biometrics are used to audit what we termed "Industrial Age" systems.

Right on cue, The Trentonian (Trenton, NJ) reports that:
A new, high tech software has helped authorities identify two city men who fraudulently obtained New Jersey Drivers Licenses, according to the New Jersey Office of the Attorney General (AOG).

Raymond Feeney, 51, and Kirk Bland, 50, have been indicted on charges of using personal information of another to obtain a driver’s license, tampering with public records and forgery. Feeney’s license was suspended on four driving while intoxicated convictions, Bland’s licenses were suspended on two unrelated DUIs.
Any guesses as to what kind of high tech software was used to audit the New Jersey drivers license database, or the scope of the fraud detected (error rate, if you will)?

Many critics of the adoption of biometric identity management technology try to argue that unless biometric techniques are infallible and perfect, then they shouldn't be used. This line of reasoning ignores the fact that the systems they themselves depend upon for the identity documents that enable their full participation in the modern world are demonstrably fallible.

Is it any wonder, then, that developing countries that don't already have universal access to DMV's, birth certificates, social security cards, etc., are not only adopting biometric ID management techniques but that they are deploying them at the front end of their ID infrastructure rather than as a remedial measure?

Tuesday, February 12, 2013

Impressive voter registration numbers in the Philippines

The 52 million voters registered to vote in the upcoming Philippine elections is impressive because the previous peak voter enrollment of 51 million, was trimmed by four million after delisitng ineligible voters and the net 5 million additional voter registrations have been biometrically vetted for uniqueness.

Registered voters hit 52 million (ABS-CBN News)
For the country’s first automated polls in 2010, 50,653,828 voters registered.

“It’s not a net gain of one million, rather about five million because the (almost) 51 million in 2010 went down to 47 million after delisting. Now it went up again (to 52 million),” he said.

For the 2013 polls, the Comelec resumed the continuing registration of voters and validation of registration records for more than a year until last October.

During this period, the poll body also removed from their list voters who registered more than once by cross-matching their biometrics data using the Automated Fingerprint Identification System.

This resulted in the delisting of around five million voters, Jimenez said.
I can't find anything that indicates the the Philippines are planning biometric voter verification at the polls, though.

Praise for Ghana's recent elections

We Should Learn From Ghana Experience (PM News)
"Having been based in Ghana as the Nigeria High Commissioner for four years, going back for the last election was an added value to my trip, in the sense that I can confidently say that their last election where I was an observer, was an improvement on what transpired during the previous presidential and parliamentary election in Ghana.

The introduction of the biometric data-based machine actually assisted in terms of verifying and authenticating the voters and orderliness despite the huge turn out. The orderliness demonstrated by Ghanians was highly commendable."
If I recall correctly (and unlike the recent Ghanaian elections), the last Nigerian elections featured biometric registration but not biometric voter verification. That recollection is supported here, where a Nigerian official expresses hope for 100% biometric voter authentication by 2015, and later in the interview.

More at the link.

Biometrics & ID infrastructure: Perfect is the enemy of good

No good work whatever can be perfect, and the demand for perfection is always a sign of a misunderstanding of the ends of art.
—John Ruskin

Everybody knows that there's nothing perfect in this world, yet plenty that is imperfect also happens to be very useful.

Identity management is one of these. Conducted by people to account for people, with human beings on both sides of the equation, perfection is out of the question. Only someone who misunderstands the ends of the art of ID can reject a certain solution because it falls short of perfection.

Is using a name to identify a person perfect?
Some people can't speak. Some people can't hear. Some people can't read. Some can't write. Many people share the same name.

A token?
Tokens are lost, stolen, counterfeited.

Maybe a photo then?
Some people can't see.

Fingerprints, then?
Some people don't have hands, at all.

Iris?
Some people don't have eyes.

People cope with imperfection in all aspects of their lives including identity management. Planning for exceptions to the routine ID management transaction is something all existing ID management systems already do. Biometrically enabled ID management systems are no different.

None of the above ID techniques is perfect yet (especially when combined) they are all useful. In this context, a proper understanding of Ruskin's "ends of art" is Return on Investment, not perfection. The economic value of something does not lie in its perfection. It lies in its ability to help improve things by a measure exceeding the sum of its costs.

What distinguishes biometric systems from earlier ID management techniques, especially in the development context, is that they are an extremely effective and affordable means of establishing a unique identity for individuals among populations that have not been highly organized in the past.

Low access to education? High illiteracy? Poor birth records? Highly transient populations? Recent wars left high numbers of orphans or displaced people? New democracy? For countries answering "yes" to any of these or other similar questions, biometric systems are about the only economically viable choice for developing the ID infrastructure that people who can already verify their identity take for granted.

Additionally, when compared to the investments made by the powers of the Industrial Age to develop their ID management systems —  investments still out of reach for the governments of billions of people — biometrics while cheaper, seem capable of outperforming Industrial Age systems. We know this because existing systems using the best Industrial Age techniques have been audited using biometrics. When the older systems are audited with biometric techniques all sorts of errors and inconsistencies are discovered, errors whose numbers would have been reduced significantly, had biometrics been used in the creation of new profiles in the relevant ID systems.

Biometrics & Development

Using biometrics in development: lessons and challenges (Guardian)
Citizens of rich countries take official identification for granted. But many in poor countries lack robust IDs, or indeed any documentation at all. This "identity gap" has been an obstacle to inclusive development in many countries. But increasingly, governments and donors have turned to digital fingerprints, iris scans, and other biometrics to provide inclusive, secure and accurate identification for their citizens, from national IDs, to elections and social welfare payments. In a recent Center for Global Development working paper, we surveyed 160 cases where biometric identification had been used for such programmes in over 70 developing countries — cases which cover over 1 billion people!
More at the link.

Friday, February 8, 2013

Prisoner pulls same ID switcheroo twice.

U.S. Marshals tracked Marquez to a Michigan home in January. However, he pulled the same identity-swap trick on jail officers there after he was arrested and booked. He walked out of that jail too.

Currently, he is on the run and considered armed and dangerous.

Simple mistakes led to Maricopa County Jail escape; armed and dangerous suspect still on loose
(ABC15.com)

As the headline says, they're simple mistakes. They're also simple to fix.

I can't think of a good reason to forego the use of computerized biometric checks for prisoner release. I say computerized because evidently, there was a sergeant who compared an older, smudged, thumb print with a fresh one before allowing the release — an additional benefit of automated fingerprint systems is that they often come with a quality checker on the front end, which goes a long way to preventing the "garbage in" part of the famous metaphor.

Another important issue, touched upon in the video below is the issue of specific training regarding the prisoner release process.

The sheriff’s office is in the procurement stages for new, biometric technology.

Thursday, February 7, 2013

Biometrically enabled encrypted external hard drive.

Pretty Sweet (Softpedia)

Click  here for story at Softpedia.com

A peek at the tech requirements for India's UID project

Why is India’s UID Aadhar a Big Data challenge and opportunity? (Information Week)
Everything about India’s UID project or Aadhar as it is commonly known is ambitious. Giving a unique identity to 1.2 billion residents is a challenging task. No country has done a project of this scale – which is why this project is being watched keenly by everyone - not only in India, but the rest of the world too.

Let's look at some interesting facts about Aadhar. The scope is to capture 12 billion fingerprints, 1.2 billion photographs, and 2.4 billion iris scans. The file size for each enrollment is approximately 5 Mb. When you summarize this for 1.2 billion people, the file size would be measured in petabytes. This is just the storage part.
De-duplication, also addressed in the article, is the really crazy part, though.

The magic game-changer

Direct benefit transfer: Not a panacea, but a likely game changer (VC Circle)

Here's the conclusion:
Yet, the basic idea of providing entitlement benefits directly to the beneficiary bank account through technologically superior, cheaper and more efficient distribution channels can hardly be questioned. The process is likely to have large positive macroeconomic externalities. Unfortunately, rather than deliberating on the larger issues, the ongoing debate on DBT is getting bogged down in the discussion of ulterior motives, teething and implementation concerns and thereby missing the wood for the trees.
I'd emphasize "cheaper". The discussion of the macroeconomic externalities is something you don't see too much of when UID is discussed.

This is one of those times where the temptation to just poach the whole article is strong. Click through and read the whole thing. There's not a wasted paragraph among the eight in this compact and thoughtful piece.

Wednesday, February 6, 2013

Industry report on fingerprint biometrics

Growing Security Concerns to Drive Global Market for Fingerprint Biometrics, According to New Report by Global Industry Analysts, Inc. (Press Release via Yahoo)
The ever present threat of security concerns like terrorist attacks, campus violence, random shootouts, burglary and physical assaults, will continue to offer a steady flow of opportunities for the conventional AFIS fingerprint biometrics by way of government compulsions in investing to beefing up security infrastructure. Non-AFIS Fingerprint Biometrics in m-commerce applications is forecast to drive strong gains in the market.

Advancements in technology, increasing accuracy and performance levels, reducing complexity and declining prices, are key factors responsible for expanding the application possibilities of fingerprint identification technologies beyond the government sector. Fingerprint identification systems are already being deployed in enterprises, particularly in large organizations with huge number of employees and continuous flow of visitors. Companies engaged in processing of sensitive information such as banking and financial institutions and research laboratories are also using fingerprint identification recognition extensively for monitoring visitor and employee movements. Non-AFIS fingerprint scanners are especially finding increased adoption in the business segment. Government regulations mandating stringent security measures for key commercial centers such as office buildings, malls, hospitality and healthcare facilities will also add to the market demand.
More interesting findings at the link, including falling costs for silicon based fingerprint sensors, which are small enough to be useful on mobile devices (laptops & hand-helds) but have been much more expensive than optical fingerprint readers.

India: Biometric system discovers ghost residents and diners in student dwellings

Biometric system in Karnataka hostels busts scam (DNA India)
Thanks to the installation of biometric machines at hostels run by the social welfare department, a scam involving officials of the department in collusion with contractors has been exposed.

The department, which had installed biometric systems (thumb impression devices) at 280 hostels in various parts of the state, found that only 35% of the students were actually staying in these hostels.

However, officials were found creating false bills for the supply of food items in nexus with contractors, claiming that all the students were residing in the hostels. The state government, waking up to the situation, has now decided to install biometric systems in all 4,144 hostels in the State.
More at the link.

The challenges confronting any new biometric modality

[ed. This post reflects a substantial rewrite of an earlier post of January 24, 2013: Not the bee's knees]


Every once in a while a version of the following paragraph finds itself in the news...

Biometrics Using Internal Body Parts: Knobbly Knees in Competition With Fingerprints (Science Daily)

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your knobbly knees. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our kneecaps. Computer scientist Lior Shamir of Lawrence Technological University in Southfield, Michigan, has now demonstrated how a knee scan could be used to single us out.

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your ______________.

Examples are numerous and fecund:


Heartbeat?
Rear-end?
Ear?
Bone structure or electric conductivity?
Footsteps?
Nose? (ed. Link added later. I forgot about that one.)
Body odor?
Brain prints?
Lip movements?
Kneecap?

While I suspect that any definable aspect of the human anatomy could be used as a biometric identifier — in instances where teeth are all that is known about an individual, they are used for high confidence identification — I'm afraid that, for the foreseeable future, the cards are stacked against any new biometric modality catching on in any big way.

The reasons for this are both scientific (research based) and economic (market based).

On the science side, a good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn't in the cards. If something is unique and durable but isn't easily measurable, it can still be useful but it isn't going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren't going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data and (especially regarding uniqueness) a healthy dose of statistical analysis. I'm no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren't fully developed yet anyway, so let's just leave things in layman's terms and say that if you're wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is "how many can you get me?"

In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you need biometric samples for the same person taken over a period of time and multiplied by a lot of people.

Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.

For two common biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you'll get several samples from the same subject often enough to test durability, too, over their criminal life. For face, other records such as school year books exist and were readily available to researchers who sought to test the uniqueness and durability of the human face.

The first hurdle for a novel biometric modality is the competition for the attention of scientists and researchers. Getting the attention of science and technology journalists by making a pronouncement that the space between the shoulder blades is the next big thing in biometrics is one thing. Getting academic peers to dedicate the time and research dollars to building the huge database of interscapular scans required for algorithm development is quite another. Any new modality has to offer out-sized advantages over established modaities in order to justify the R&D outlay required to "catch up". This is highly unlikely.

On the market side, in order to displace established (finger/hand and face/eye) biometric modalities in wide scale deployments, the academic work must be complete and the new technology must produce a return on investment (ROI) in excess of that offered by existing technologies designed to accomplish the same function.

That's not to say that modalities that didn't have the advantage of a 100 year head start on data collection are impossible to bring to market. Iris, voice, and the vascular biometrics of the hand (palm, finger) have joined face and fingerprint biometrics in achieving commercial viability despite the lack of historic data repositories. But there were several things recommending them. They either occupy prime real estate on the head and the end of the arm (Iris, vein) making them easy to get at, or they are the only biometric that can be used over a ubiquitous infrastructure that simply isn't going anywhere (voice/phone), or they offer advantages over similar established modalities. With hand vascular biometrics: they're harder to spoof than fingerprints; no latency; avoidance of the "fingerprinting = criminality" stigma; can work with gloves; users can avoid touching the sensor, etc. With iris: harder to copy than the face; harder to spoof; easier to measure than retina vasculation; and extremely low/no latency. Yet even despite gaining the required academic attention, iris and voice have had great difficulty overcoming the market (ROI) hurdle, which brings us back to knees.

Is there any database of kneecaps of significant size to allow researchers to skip the time-consuming task of building such a database themselves reducing the cost of development? Is there any deeply embedded ubiquitous infrastructure that is already an ideally suited knee-sensor? Is there any objection to modalities that have a head start on knees that knee biometrics would overcome? Is there any conceivable, repeatable, scalable deployment where a potential end user could save a whole lot of money by being able to identify people by their knees? I'm at a loss but these are exactly the kind of questions any new biometric modality must be able to answer in the affirmative in order to have any hope for wide-scale deployment.

So, it's pretty clear that knee biometrics are not something the average person will ever come into contact. Does that mean there is no value in exploring the idea of the kneecap as a feature of the human anatomy capable of being used to uniquely identify an individual? Not necessarily.

In order to thrive as high value-added tools in highly specialized deployments a novel modality just needs to help solve a high value problem. This has heretofore been the case with teeth & DNA. The analysis of teeth and DNA is expensive, slow, requires expert interpretation, and is difficult to completely automate, but has been around for a long, long time and isn't going anywhere anytime soon. That's because the number of instances where teeth and DNA are the only pieces of identifying information available are frequent enough, the value of making the identification is high enough, and the confidence level of the identification is high enough that people are willing to bear the costs associated with the analysis of teeth and DNA.

Beyond teeth and DNA, any biometric modality can be useful, especially when it is the only piece if information available. The CIA and FBI even invented a completely novel biometric approach in an attempt to link Khalid Shaikh Mohammed to the murder of Daniel Pearl using arm veins. But how likely is something like that ever to be the case for any of these novel modalities, knees included? It's possible that the situation could arise where a knee bone is discovered and there is an existing x-ray or MRI of a known person's knee and a comparison would be useful. That, however, is not enough to make anyone forget about any already-deployed biometric modality.

Tuesday, February 5, 2013

Good overview of biometric tech

Biometric scanners could unlock a new era of supersecure gadgets (Yahoo)
Biometric scanners—like fingerprint readers and face identification technology–have started to make the move from scifi flicks into your own home. Some of these biometrics are standard today, like Facebook’s photo tagging, but what does the future hold?

CGD continues its good work on ID & Development

Among the DC think tank set, Alan Gelb and the Center for Global Development (CGD) have been early proponents of applying biometric ID management techniques to strengthen international development projects. See: Fingerprint Haiti Now: Biometrics in Haiti, One Year Later from late 2010.

More recently, Mr. Gelb has been joined at CGD by Julia Clark. Together, they recently published the working paper: Identification for Development: The Biometrics Revolution.

Their most recent contribution is an audio discussion of the state of ID moderated by the CGD's Lawrence MacDonald.

The Biometrics Revolution — Alan Gelb and Julia Clark (Center for Global Development)
People who have identification, such as a driver’s license or social security card, frequently take it for granted, Alan explains. In fact, having identification opens doors—figuratively as well as literally.

“There are a lot of people in poor countries who are marginalized because they have no official identity. With no official identity, you can’t access government services; you really can’t participate in a normal economy,” Alan says. “So once you realize that ID is necessary, the question becomes what kind of ID you should have. And if one is looking for an ID which is robust, with which you can be reasonably sure that other people can’t pretend to be you, that’s where biometric ID comes in.”
The program ends with a plug for their free and open event in Washington, DC next Tuesday (Feb. 12).

I highly recommend that you click one of the links above.

Monday, February 4, 2013

Philippines: Fingerprint regulation of bus system gets positive review from local commuter

Biometric boosts (Malaya Business Insight)
I FELT like I was in the twilight zone last Friday and this Monday. Although there was some traffic, it wasn’t anything like the monstrous bottlenecks I experience every end and start of the work week.

It was a pleasant surprise actually and thanks to the Metro Manila Development Authority (paging Atty. Francis Tolentino).

The website Top Gear reported that MMDA “has rolled out an enhanced bus-dispatch system that not only regulates the number of public-utility buses on EDSA but also monitors the drivers manning them.”

It further reports that the “Bus Management and Dispatch System (BMDS) is the first bus-reduction program in the country that utilizes biometrics (through fingerprint-scanning) to identify and monitor PUB drivers, “ensuring the safety of commuters that patronize PUBs.”
Earlier post: Philippines: Manila development authority adopts fingerprint biometrics in bus dispatch and monitoring system

In search of a post-password world

Google wants to ditch the password - sounds lovely (Singularity Hub)
Memorizing numerous passwords is inconvenient. This is known. To counteract said inconvenience, many people use memorable (read: hackable) passwords on multiple sites. Which is a shame because security experts advise that, at a minimum, we use different, random, alpha-numeric strings for every website and switch them out every few months. Kind of the opposite of convenient. And even this method provides but a fig leaf of security.
Google isn't suggesting biometrics, at least not yet, but the article does cover biometrics as a possible solution.

Erroneous prisoner release due to "out of order" biometric hardware, Detroit edition

How can the Wayne County jail be overcrowded if beds are empty? (My Fox Detroit)
And last week's boner. Rocky Marquez, a fugitive found in Detroit with a loaded assault rifle, escaped from county lockup by switching identity with another inmate. How did that happen? The fingerprint identification machine was out of order.

"That is the most basic tool in the world to be able to verify a man's identity biometrically by his fingerprint. We don't have it," said a person who didn't want to be identified.

"It is a critical piece of equipment that needs to be fixed and we will get it fixed," Napoleon said.
There was a similar case in Georgia this past December.

Friday, February 1, 2013

UID-NPR update and rehash

A recap of an issue we've discussed here in the past. There are still some signs that the rivalry between NPR & UID continues, but the temperature of it seems to have gone down a bit.

Confused over Aadhaar and NPR, Cabinet sets up Group of Ministers (Economic Times)
Confusion over whether the unique identity number is a number, a card or both, and concerns over UID and the National Population Register duplicating functions prompted the Cabinet to refer UPA-2's ambitious project to a group of ministers.

The Cabinet discussion on Thursday revealed that the ministerial panel was not immune from contradictory and blurred perceptions about Aadhaar, as UID is known, with some ministers saying they had received a card along with a number.
For earlier posts mentioning UID & NPR together click here (Google advanced search).
German Interior Minister: EU needs US-style entry database (The Local)

The tech is complex. The politics, more so.

Employment verification, ID rules could be a hard sell for immigration reform (CIO)
Mandatory employment eligibility verification and identity vetting requirements in recent proposals for comprehensive immigration reform could prove to be a tough sell to various groups that have opposed the measures in the past as being unworkable...

Canada: Details on new biometric policies for certain visas

Canada to begin collecting biometric data from certain foreign nationals (International Law Office)
From 2013 temporary resident visa, study permit and work permit applicants from certain visa-required countries and territories seeking to enter Canada will be required to have their biometric information (ie, fingerprints and photograph) collected overseas before arriving in Canada. Canadian citizens and permanent residents will not be subject to the proposed regulations.

Fingerprints collected abroad will be sent to the Royal Canadian Mounted Police for storage and will be checked against the fingerprint records of refugee claimants, previous deportees, persons with Canadian criminal records and previous temporary resident applicants before a visa decision is made. The biometric identity established abroad will then be checked by a Canada Border Services Agency (CBSA) officer at a Canadian port of entry when the temporary resident applies for admission to Canada.
Much more: which countries; what types of visa; and implementation dates at the link.