Tuesday, April 30, 2013

Tanzania Seeks New Voting Gear (All Africa) — The Tanzanian government is seeking financial support to buy a new biometric system (BVR) for voter registration in preparation for the 2015 General Elections.

Delhi: First rickshaw pullers, now street vendors...

Street vendors concerned about Parliament disruptions holding up bill meant for their protection (Times of India)
"If the bill is passed, the police and municipal officials will not be able to throw us around," said Champa Ben, a street vendor from Ahmedabad. She has been selling fruits and vegetables on the pavement for the last 28 years. "Yet I have to pay Rs 50 per day as protection money to policemen. Even then, they keep throwing away my wares and harass me," she said.
NASVI president Manali Shah said the government should provide for recording of biometric measurements of street vendors so that only genuine ones are issued identity cards. "Often we have seen politicians manage licences for their people while genuine street vendors are denied," she said.
Short and sweet version: The street vendors want it and biometrics can help.

Biometrics can help bring order out of chaos is the post on the biometric registration rickshaw pullers.

UPDATE: Event Video Added -- Round-up of news on Nilekani's Washington DC appearance


The Center for Global Development has posted a video of the event 

Original post follows:

Wednesday, April 24, 2013

India’s Biometric IDs Put Its Poorest on the Map (Bloomberg)
That’s because it was an audience of development specialists, and the benefits of universal ID in poor countries are potentially huge. In advanced economies, proposals to gather biometric data and associate them with universal ID numbers immediately raise civil-liberties concerns. Not long ago the U.K. abandoned plans for a national ID card, partly on grounds of cost and partly because the idea was unpopular. This contrast in attitudes is worth pondering.

In recent years many developing countries have embarked on biometric ID programs. The Center for Global Development’s Alan Gelb and Julia Clark have surveyed 160 such projects and written an indispensable guide: “Identification for Development: The Biometrics Revolution.” As they and Nilekani point out, India’s project is unusual for its scale and scope, and because its aim was to create a system of identification independent of the uses to which it might be put -- a platform that can support many uses, rather than one specific application (such as checking eligibility for poverty relief).
Could a program tracking identities of 1.3 billion Indians be the secret to ending poverty? (Washington Post)
This is not, Nilekani insists, a scary example of government intrusion. Rather, he and others described the effort in near revolutionary terms during a lecture Monday at the Center for Global Development in Washington.

Suddenly, said Nilekani, tens of millions of people born without a birth certificate or any formal registration “exist” in the eyes of the government – and can demand services and benefits, get a mobile phone or open a bank account. Putting all the data on the cloud, he said, breaks the monopoly of civil servants over the distribution of such things as food and fuel subsidies.

Once you’re in the database, your identity can be verified at any government office, distributed from a bank, or transferred automatically to a bank account. It’s efficient. It cuts down on opportunities for corruption, such as bribes or what economists call “rent-seeking,” the skim off the top an official might demand for delivering a service.
600 million Aadhaar cards by 2014, says Nilekani (The Statesman)
“Today we have enrolled 380 million of the 1.2 billion people. Our daily processing is about a million people a day. Our goal is to reach 400 million this year and 600 million by 2014,” he said, adding there are between 25,000 to 30,000 enrolment centres in the country.

Noting that this unique identification number is now becoming “an internal passport and gateway” to various services for Indians, Mr Nilekani said by working with various regulators they have ensured that this ID is sufficient to get their services. It enables one to get services quickly and in a hassle free manner, he said.

The country, not the state

Georgia may start using biometric voters lists (Democracy & Freedom Watch)
It is still unknown when this process will start, but the group assumes that it cannot be done before the next presidential election in October 2013, but possibly for the next local election in 2014.

It's all ID nowadays

If the one word for the 60's was plastics and in the 80's it was all ball bearings, the technology touchstone for the 2010's figures to be identity.

The “i” in the next iPhone will stand for “identity.” (Cult of Mac)
When people hear rumors and read about Apple’s patents for NFC, they think: “Oh, good, the iPhone will be a digital wallet.” When they hear rumors about fingerprint scanning and remember that Apple bought the leading maker of such scanners, they think: “Oh, good, the iPhone will be more secure.”

But nobody is thinking different about this combination. Everybody is thinking way too small. I believe Apple sees the NFC chip and fingerprint scanner as part of a Grand Strategy: To use the iPhone as the solution to the digital identity problem.

NFC plus biometric security plus bullet-proof encryption deployed at iPhone-scale adds up to the death of passwords, credit cards, security badges, identity theft and waiting in line.

Apple loves to solve huge, hitherto unsolved problems. And there is no problem bigger from a lost-opportunity perspective than digital identity.

The Boston Consulting Group estimates that the total value created through real digital identity is $1 trillion by 2020 in Europe alone.
Read the whole thing. Stripped of the Apple-worship, it's an astute post.

The link inside the quote above is in the original and the pdf it links to is highly worth a look, as well. From the executive summary...
Increasingly, we are living double lives. There is our physical, everyday existence – and there is our digital identity. Most of us are likely more familiar with that first life than with the second, but as the bits of data about us grow and combine in the digital world – data on who we are, our history, our interests – a surprisingly complete picture of us emerges. What might also be surprising for most consumers is just how accurate and traceable that picture is.
Views on digital identity tend to take one of two extremes: Let organisations do what they need to in order to realise the economic potential of “Big Data,“ or create powerful safeguards to keep private information private. But digital identity can‘t be cast in such black-and-white terms. While consumers voice concern about the use of their data, their behaviours – and their responses to a survey conducted specifically for this report – demonstrate that they are willing, even eager, to share information when they get an appropriate benefit in return. Indeed, as European Commissioner for Justice Viviane Reding remarked, “Personal data is in today‘s world the currency of the digital market. And like any currency it has to be stable and it has to be trustworthy.“ 1 This is a crucial point. Consumers will “spend“ their personal data when the deals – and the conditions – are right. The biggest challenge for all stakeholders is how to establish a trusted flow of this data.
A new type of ID is needed to bind our physical and online selves, payments and hardware. If the tech giants are going to finish off the post office and assume the role of credit card companies, they're going to have to solve the ID problem. If they solve the ID problem, there's really no telling how many other business models they can disrupt.

Monday, April 29, 2013

South Africa: Social grants spokesperson deems biometric technology "a worthy investment"

Analysis: State of the art technology behind SA’s social grants (The New Age)
The latest biometric technology used by the South African Social Security Agency (Sassa) to disburse social grants to about 16 million beneficiaries on a monthly basis is proving to be a worthy investment in making life easier for beneficiaries of social grants.

The number of beneficiaries of social grants in South Africa grew from 2 million in 1994 to about 16 million in February 2013. Of these an estimated 11 million are Child Support Grant beneficiaries.

Since March 2012, Sassa has been engaged in the process of mass enrolment of all beneficiaries using the latest biometric technology. This followed a major announcement by Minister of Social Development Bathabile Dlamini on behalf of the government. The technology includes finger and palm verification as well as voice recognition to ensure that the grant money is paid to the relevant beneficiary at all times.
I didn't realize that the number of people Sassa has to keep up with had expanded eight-fold in less than twenty years. It's probably a god idea to automate fraud detection in a disbursements organization that is growing as rapidly as that. Otherwise, it's hard to see how a fraud detection system that depended upon old-school detective types could keep up. Creating the human capital and cultural climate for their success is a long and expensive process.

A look at biometrics and health care fraud

Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)
Iris scanners aren’t just for airport border-control agents and spy movies anymore.

Clinics and hospitals around the world are acquiring technology that identifies people based on physical traits to improve patient safety and stamp out fraud. HCA Holdings Inc. (HCA) hospitals in London, as well as health-care providers across the U.S., are buying so-called biometric technologies.
There's not an identity management problem hospitals don't have.

Friday, April 26, 2013

It worked for the credit card companies...

...Adding financial-management tools and rewarding consumers could increase use of mobile phones as payment devices

Accenture survey on attitudes toward using more services via mobile platforms
More than half of respondents who currently use their smartphones to make payments said they were highly likely to pay by phone more often if they could use their phone to track receipts (cited by 60 percent of respondents), manage their personal finances (56 percent), or show proof of insurance (56 percent) or of a valid driver’s license (54 percent).

In addition, more than half of those who currently make mobile payments also said they were highly likely to pay by phone more often if they were offered: instant coupons from retailers when buying by phone (cited by 60 percent of respondents); reward points stored on their phone for future purchases at the store (51 percent); coupons that could be automatically stored on their phone (50 percent); or preferential treatment, such as priority customer service (50 percent).

The changing face of security and access control

Gary Hills, Head of capital development at the British Broadcasting Corp. (BBC) had some interesting things to say at the recent FMP London event. [ed. I'm pretty sure FMP stands for Facility Management Professional, but I was shocked to see how popular the acronym is.]

The BBC is considering using biometric access controls at its buildings. (FM World)
Hills said the first phase of the BBC’s review had seen 15 control rooms consolidated into one.

He added: “Access ID is used – not biometrics yet, but [we are] looking at it for the second phase. [We] think it will be more acceptable now as they have it in schools and colleges.

“Security is now more a building management role and the information that comes through the control room can be used more widely for building management.”
Adam Vrankulj at Biometric Update ties the story back to recent industry forecasts for the access control market.

I predict some real upheaval in the market for security systems and access control. So far, large security providers have been able to keep their market walled off from competition from the providers of other types of networked information technology. If increasing numbers of facilities management professionals see the world as Gary Hills does, those days are numbered.

Thursday, April 25, 2013

Managing the implementation of public sector biometric time-and-attendance

SOUTH AFRICA: Education still pondering biometrics (IT Web)

KUWAIT: ‘Finger’ Attendance To Stay For Firemen (Arab Times)

INDIA: Teachers blocking biometric attendance, DU faces contempt notice (Indian Express)

These three pieces reminded me of: What Human Resource Managers Can Learn from the President of Guinea's Move to Eliminate Ghost Workersstill worth reading in its entirety.

Short answer:
In order to achieve top to bottom buy-in, a manager should consider distributing the benefits associated with better identity management techniques among shareholders/stakeholders, managers and workers.

A bonus for on-time attendance (for example) might raise the morale of workers who were always on time, while offering some consolation to those who saw their ability to milk the system reduced.

A spoonful of sugar helps the medicine go down.

Brainstorming UID with Srikanth Nadhamuni

300,000,000,000,000 biometric queries a day

"...[T]he Aadhaar system was deliberately built as an identity platform as opposed to an end user application, so that government departments and private companies/startups could build their own apps leveraging the platform."

Technology startups have a huge opportunity to leverage the Aadhaar system (VC Circle)

"This is an ecosystem play."

Sometimes we get bogged down in the scale of the enrollment challenges associated with UID. It's good to get back to the amazing scale of possible apps that can be spun out of the ecosystem.

Wednesday, April 24, 2013

Ghostbusting: Communication is key

SIERRA LEONE: Total Misinformation About Rumoured Deletion Of 7, 000 Teachers From Pay Vouchers (Cocorioko)
The Minister of Education, Dr. Minkailu Bah, was the first to challenge those figures, stating that they were too alarming and therefore subject to further verification by his ministry. The Minister therefore suggested that a Task Force, comprising the staff of the firm that carried out the registration; his ministry’s staff and representative from the Sierra Leone Teachers’ Union (SLTU) should conduct a follow up re-verification exercise that should last for 90 days. He asked that Heads of Schools and Proprietors be sufficiently notified so that they too could notify all Teachers on their lists.

During this second phase of verification, Teachers who refuse or do not make themselves available to be properly verified would eventually be deleted from the government pay vouchers, the Minister cautioned.

The SLTU Representative was given a soft copy of this report. Somehow, these representatives from the SLTU decided to send a message to all Teachers around the country, particularly those whose names are on the list for re-verification (7,761), notifying them that they have been maintained as “Ghost Teachers” and therefore their names are going to be deleted from the government pay voucher.
Misinformation shenanigans can't be ruled out but when people's jobs are on the line, emotions can run hot. Good communication about the process can help a lot.

Tuesday, April 23, 2013

What one tweet from a hacked account can do...

Hackers compromise AP Twitter account

Google finance

AP Twitter feed hacked -- no attack at White House (USA Today) 
Social media and the stock market went wild, briefly, on Tuesday when this (hacked) Associated Press tweet appeared around 1 p.m.

I'm off to change the @SecurLinx password now.

Nilekani: UID to cover 600,000,000 by 2014

600 million Aadhaar cards by 2014, says UIDAI chairman (CNBC: Money Control)
"Today we have enrolled 380 million of the 1.2 billion people. Our daily processing is about a million people a day. Our goal is to reach 400 million this year and 600 million by 2014," he said, adding there are between 25,000 to 30,000 enrolment centers in the country.

Noting that this unique identification number is now becoming "an internal passport and gateway" to various services for Indians, Nilekani said by working with various regulators they have ensured that this ID is sufficient to get their services. It enables one to get services quick and hassle free, he said.

You got biometrics in my NFC!

SmartMetrics incorporates NFC into biometric chip card
“This will enable institutions to offer a safer NFC solution than that which is currently available since the NFC Biometric Card will only be turned on allowing NFC communication to be inactive until the user touches the cards fingerprint sensor,” Chaya Hendrick, SmartMetric President and CEO said. “All other NFC technologies are inherently unsafe in that the device is always on providing hackers the ability to capture the NFC information even while the NFC product is not being used. Smartphones are a good example of ‘unsafe’ NFC systems.”

That's not good: 300,000 UID enrollments lost in hard drive crash

Maharashtra loses data of 3 lakh UID cards (Times of India)
The Maharashtra government has admitted the loss of personal data of about 3 lakh applicants for Aadhaar card, an error that has forced the inconvenience of reapplication on unwitting victims and sparked concerns over possible misuse of the data.

Containing PAN and biometric information, the data was being uploaded by the state information technology department from Mumbai to the central Bangalore server of the Unique Identification Number Authority of India when it got "lost". "The information is encrypted when uploaded. While the transmission was in progress, the hard disk with the data crashed. When the data was downloaded in Bangalore, it could not be decrypted," said an official from the state IT department, which is overseeing the enrolment of citizens for Unique Identification number (UID) or Aadhaar card. The data mostly belonged to applicants from Mumbai.
3 lakh = 300,000
That data loss represents a lot of people's time and effort. It will be inconvenient, to say the least, to redo 300,000 enrollments and the data loss has caused some to worry about UID data security.

If the Times of India reporting is accurate though, the data isn't "lost" so much as it is unreadable... by anyone.

Monday, April 22, 2013

India & UID: Connecting the ID and financial infrastructure

FinMin to study progress of financial inclusion, direct benefit transfer schemes (The Hindu)
The Finance Ministry has convened a meeting of the heads of state-owned banks on February 6 to take stock of their financial inclusion drive and readiness to roll out direct benefit transfer across the country.

In the run-up to the general elections, which is only a year away, the UPA Government apparently wants the financial inclusion and direct benefit transfer (DBT) initiatives to reach the bottom of the socio-economic pyramid.

Industry forecast: $2B in biometrics revenues by 2018 in India

India Biometrics Market Forecast and Opportunities, 2018 (Press Release via TMC: Call center Info)
According to "India Biometrics Market Forecast & Opportunities, 2018", the biometrics market in India is expected to cross USD 2 Billion revenues by 2018. The main factors which are driving the growth of biometrics market are lack of data protection, improper border security, terrorist threat, population growth and continual technological changes. The challenges which are being faced by the biometric industries are rough hands and cataract problems, lack of innovation, implementation of biometrics at a grassroots level and cost of production.

Survey: Banking customers willing to share more personal information for more personalized service

Internet of Things and Other Tech Consumers Want from Banks: Survey (American Banker)
A global survey Cisco released Monday offers clues to the types of technology consumers want to use to interact with their banks. One finding was that 69% of U.S. consumers would provide more private information in exchange for more personalized service, higher security against identity theft, and greater simplicity in managing their finances. These enhanced services could harness "the internet of things" in which everyday objects transmit information to a network.

More specifically, 83% of consumers said they would be willing to provide details about their financial habits and have their banks be more active advisors in exchange for greater protection from identity theft. "There's an awareness that identity theft is a very ugly thing to have happen and that banks are naturally going to be targets," says Al Slamecka, marketing manager, Financial Services, for Cisco. Many U.S. consumers (53%) would be willing to offer up biometric identification like a fingerprint in return for better protection against ID theft.
More interesting findings at the link.

Friday, April 19, 2013

Putting the mosaic together in Boston

The post's title refers to the mosaic of information that can be arranged into a picture of the events leading up to the savage acts. The other mosaic, the way things were for so many unique individuals, can never be put back together.

How This Photo of the Boston Marathon Gives the FBI a Bounty of Data (Wired)
The photo — click to enlarge — shows a lot of people, what they’re wearing and where they’re positioned within the crush of Marathon fans. It’s important to law enforcement, as it “can be of use in putting the mosaic together,” says Robert McFadden, a former Navy terrorism investigator. Crabbe’s wide-angle panoramic photo “could be one of the many critical pieces of the map of the investigation.”

The panorama photo was one of seven shots Crabbe snapped with her phone during a leisurely stroll and later handed over to investigators.
The Wired article starts with a single data point (data set, really), a photo, and follows it part-way through the process the FBI has used during its investigation of the recent bombings in Boston.

...putting the mosaic together. It's a good metaphor for how the people charged with figuring out what happened and who did it go about their work. Read the whole thing.

Also see:
What's Going on Behind the Scenes of Bombing Investigation? Forensic Scientist, Former DHS Official Shed Light on Tech and Tactics (The Blaze)
“Facial recognition technology will play a very small part,” Schiro told TheBlaze in a phone interview.

“A lot depends on the quality of the images you have to work with,” Schiro continued noting that lighting, angle and other factors could really limit the use of facial recognition in the case. Not only that but there would need to be some sort of match for it to recognize.

Here's another good article about facial recognition and crime solving. I selected the two paragraphs below because they highlight both the organizational issue of interoperability and the technology issues around matching. There are other interesting insights in the rest of the piece.

Facial Recognition Tech: New Key to Crime Solving (The Fiscal Times)
However, it's likely the FBI was unsuccessful in identifying the suspects using FR because either they didn't have a quality image of the wanted persons, or the suspects were not in any of the databases the FBI has access too, Albers said.
While facial recognition technology has high-accuracy when used to match a clear image of a person with another passport-style photo, it is not as effective when used with low-quality images like the ones the FBI released on Thursday. The standard for facial recognition to be accurate requires 90 pixels of resolution between the two eyes of the pictured person. The pictures the FBI released of the suspects were about 12 pixels between the two eyes, said Jim Wayman, the director of the National Biometric Center.

Facial-recognition technology to help track down criminals – Humans are still better at it (Kuwait Times)

Search for Boston bombers likely relied on eyes, not software (Reuters)

These last two reminded me of the (Facial Recognition vs Human) & (Facial Recognition + Human) post from November 2011.

In the Boston case, it looks like there were two barriers to effective use of facial recognition technology in identifying the suspects. On the "evidence" (probe) side, the image quality was poor. On the enrollment (database) side the only "correct" match was likely to be in a very large database such as the Massachusetts DMV database.

If only one of these conditions were true — for example a bad probe against a small database, or good probe against a large database — facial recognition technology might have been of more help.

Crowd-sourcing the ID challenge to a large number of human beings that operate with a lot more intelligence and information than facial recognition algorithms is another option. It's been used with photographs since at least 1865 and without photographs since at least 1696.

One crowd-sourcing fact that law enforcement officials must consider, however, is that the suspect is almost certainly in the sourced crowd. If the suspect already knows he's a suspect, that's not a problem. If he doesn't already know he's suspected, that information is the price of getting the public's help which means facial recognition technology will retain its place in the criminal ID toolkit.

Boston police chief: facial recognition tech didn’t help find bombing suspects (Ars Technica)
“The technology came up empty even though both Tsarnaevs’ images exist in official databases: Dzhokhar had a Massachusetts driver’s license; the brothers had legally immigrated; and Tamerlan had been the subject of some FBI investigation,” the Post reported on Saturday.

Facial recognition systems can have limited utility when a grainy, low-resolution image captured at a distance from a cellphone camera or surveillance video is compared with a known, high-quality image. Meanwhile, the FBI is expected to release a large-scale facial recognition apparatus “next year for members of the Western Identification Network, a consortium of police agencies in California and eight other Western states,” according to the San Jose Mercury News.

Thursday, April 18, 2013

Not all biometric elections are created equal

Africa's election aid fiasco — It’ll take more than mobile phones and biometrics to make Africa’s elections fair and trusted (The Spectator)
The development industry is as fashion-prone as any other. Fads come and go. There are a few giveaways when it comes to spotting them. Deceptive simplicity is one indication. The idea should have a silver-bullet quality, promising to cut through complexity to the nub of a problem. Even better, it should be a notion that can be rolled out across not just a country, but a region.

Covering the Kenyan elections, which climaxed with the inauguration last week of Uhuru Kenyatta as the country’s fourth president, I suddenly realised I was watching a fad hitting its stride: the techno-election as democratic panacea. We’ll see it again in Mali’s elections this summer.
There is a lot to recommend this article, but I'd caution the author to take things one case at a time rather than encourage a bounce from one extreme — techno-election as democratic panacea — to the opposite: it's all a scam. Of course, neither is true.

As we've so often said: biometric systems are extremely effective tools in the hands of capable managers. They can't do anything, including run clean elections, all by themselves. ID management is about people, after all.

No one should paint, for example, Ghana, Kenya, and Zimbabwe with the same brush. They have almost nothing, not even biometric elections, in common.

Law enforcement interoperability, though little discussed, is a big deal

Tyneside jewellery heist could lead to DNA sharing (Chronicle Live)
A jewellery heist on Tyneside has sparked a review of DNA sharing across Europe that could force police to hand over criminal records to foreign counterparts.

Specialists in Newcastle will spearhead a £1.2m effort to design a database that profiles crimes committed across the continent as part of a controversial EU information sharing treaty.

It comes just 12 months after a convicted murderer and his armed gang from Eastern Europe were convicted of carrying out an armed raid at a Newcastle jewellers.

Led by convicted murderer Marek Viidemann, the ring was linked to at least 150 armed robberies across the UK and Europe before being eventually jailed for a total of more than 30 years.
First, DNA is likely to be a small part of whatever system improvements emerge.  It's expensive and slow compared to just about any other biometric modality or combination of modalities such as finger, face and iris.

From a management standpoint it seems that if you want to have a free flow of people, you need to have a free flow of law enforcement information. This is easier said than done. It's often a challenge even when dealing with adjacent counties in the same state in the US much less, as in the European context, two different countries.

The term for this system compatibility and ability to effectively cooperate among departments is interoperability. It is a managerial and technical challenge that is rarely dealt with in popular depictions of how law enforcement works but, especially as the complexity of the law enforcement challenge increases, it is of critical importance.

Often, there are good systems in place for passing information "up the chain of command," i.e. from street cop all the way up to a state or national information repository, but the information doesn't always flow as freely back down again in the other direction. For various reasons, the formal links between street-level law enforcement officers in neighboring jurisdictions run up through a centralized authority and then back down again, though there are often informal links that bypass the up-and-back-down information flow model. The implications for efficient multi-jurisdictional law enforcement are clear.

Some of these issues came up a couple of years ago in a post. Usefulness of Biometrics in Law Enforcement: Who is the Customer? The analysis there can be extended from biometrics to all sorts of law enforcement IT systems and it has a great deal of bearing on issues like the ones raised by the Newcastle jewelry heist by international criminals.

Many police professionals put a lot more into databases of all types than they ever get out of them. Through biometric technologies and other integration services, SecurLinx works hard to balance that out a bit for our law enforcement customers.

Facial recognition and criminal investigations

Updated & Bumped...
Facial recognition and identifying suspects in the Boston Marathon bombing (Biometric Update)
Since the bombing, authorities have appealed to anyone who was at the event to turn over any video or photo evidence, in hopes that they may hold crucial details in identifying a suspect. Though nothing can be confirmed, particularly in the midst of an investigation, it is likely facial recognition will be used to identify suspects from these photos and videos. So far, the FBI has received more than 2,000 tips.
Auhor Adam Vrankulj strikes the right tone in his article about how facial recognition is going to be applied to investigation of the recent terrible events in Boston. Read the whole thing.

Paul Scheupp, CEO of face recognition technology developer Animetrics weighs in on Fox's "On the Record," last night.

Facial recognition technology could prove key in Boston Marathon bombing manhunt - video embed unavailable.

The Boston Marathon bomber: Caught on film? (BBC)
More personal videos are being shot now than ever before, and such footage could help identify the Boston marathon bomber. But how is that footage processed - and could civilians really solve the crime?

Wednesday, April 17, 2013

Britain's immigration system since 2000

Immigration issues have been hot topics in both the US and the UK.

Visa consultancy WorkPermit.com provides a short recap of the history of the United Kingdom's border management this century.

Former UK immigration boss says system has been out of control since 2000

It's a pretty grim assessment. Turning the situation around will require talented managers operating within a more flexible political environment applying the best technology to the task. Easy for me to say. The technology part, while difficult, is by far the most easily met of those three preconditions for success.

Industry report: mobile malware on the rise

In a departure from our normal biometrics fare, NQ Mobile has a new report [pdf] showing that mobile devices are increasingly being targeted by, and succumbing to, malware developers.

The linked pdf also has a list of the top five most infected markets.

NQ Mobile offers their mobile security suite in both free and premium versions.

Despite warnings that too few people protect access to their mobile device with a PIN, doing so does not prevent authorized users from being tricked into downloading malware. See: The Con is Mightier than the Hack

That means mobile security services are going to be an important factor in keeping the purple bar at the far right of the picture as short as possible.

Tuesday, April 16, 2013

Philippines expands biometric law enforcement capabilities

Philippines: US donates two biometric machines to Immigration (Business Mirror)
Lawyer Maria Antonette Mangrobang, BI acting intelligence chief, said with the biometrics equipment the bureau will now to be able to build a wider and more reliable database of the illegal aliens and foreign fugitives wanted by immigration intelligence personnel.

He said, henceforth, the machine will be used to scan the fingerprints of all arrested aliens, and the data will be kept in a database along with their photographs.

Travelers and Feds agree: Trusted traveler programs should be bigger

With the first person account of the enrollment process at the beginning, the story starts badly for biometrics. What follows is a very good discussion of various trusted traveler programs and how they could fit together in a future air travel identity management landscape.

Travelers Welcome a Customs Shortcut (New York Times)
The programs are all based on the concept of risk management, rather than the unattainable goal of total risk elimination. The idea is to develop standard criteria so the programs can work better with each other. They include Global Entry for international airport arrivals, as well as land-crossing programs like Sentri on the Mexican border (which is also open to approved Mexican citizens), and Nexus, a joint entry program between the United States and Canada.

They also include PreCheck, a program of the Transportation Security Administration that speeds screening at select domestic airports for passengers designated as trusted travelers.

The T.S.A. is working to expand eligibility for PreCheck beyond high-volume travelers chosen by airlines. The agency’s administrator, John S. Pistole, told me he wanted to develop a domestic program that he called “Global Entry Lite,” partly using Global Entry criteria, to increase PreCheck eligibility.
It's good to see many of our regular themes — unattainability of perfection, interoperability, scalability — getting their due in this article.

Tanzania, come on down...

Africa: Tanzania to go digital for 2015 elections (Daily Nation)

Monday, April 15, 2013

UID will be good for the poor

‘Aadhaar-based scheme can reduce corruption in PDS’ (The Hindu)
In a release, he said that kerosene distributed through PDS was one of the largest generators of black money in the country. He has quantified it at Rs. 25,000 crore a year. “This amount plays a crucial role during elections and is also the main reason for the lack of reforms in the public distribution system,” he claimed.
If corruption gets harder, somebody's ox gets gored. It's refreshing to see the argumentum ad hominem go the other way for a change.

The immigration debate: Entry & exit tracking

The topics we hit on in Who's in my country? That's a tough one. are addressed in more depth and from a United States perspective below.

I found the analogy in the brief excerpt below particularly apt.

Immigration reform: What to do about those who arrive legally but never leave? (Alaska Dispatch)
Build a statistical measure of the border’s security? Too complicated. Determine “operational control” over certain amounts of the American southern border? Too undefined. Establish certain levels of infrastructure and security personnel? Too expensive.

That’s part of the over-arching problem: with broad dysfunction in many parts of the immigration and border security system, it has been difficult to marshal the political will and financial resources to fix any one part without a broad overhaul.

“You have an automobile that has no tires, no wheels, no doors, no engine, and then, alright, great, you put two brand new tires on it [and ask] ‘Why doesn’t it work?’” says Rep. Mario Diaz-Balart (R) of Florida, a key House immigration reform negotiator.

Friday, April 12, 2013

It's pretty small...

World's smallest, slimmest and lightest contact-free vein sensor (PhysOrg) It's surprisingly small (6 mm thick) so it's about the size of a stack of 4 US quarter-dollar coins. Click over there and see. There are a couple of good pictures.

Hygiene factors helping to boost the touch-less sensing industry goes a ways toward describing the niche Fujitsu's vascular technologies target.

A humorous meditation on our modern times

Of course there's a biometrics angle...

Dermatitis Could Make Fingerprints Unreadable (Scientific American)
Of course, the study was performed not to elucidate ways by which criminals' hands can help them avoid the long arm of the law. The real purpose was to determine if a lot of people might have problems with increasingly common biometric identification systems. If a thumb scanner must identify your print before you can enter your workplace, a skin condition could leave you out in the cold, perhaps literally, which is only going to make that chapped finger even less readable.
The growth of biometrics is spurring a growth of finger research.

Thursday, April 11, 2013

Tidy touchless tech

Hygiene factors helping to boost the touch-less sensing industry (Companies and Markets) — Loads of health care applications for this. It should be noted that voice, iris and face recognition technically are touchless, too; it's not just palm tech.

Twitter: April Biometric Chat - Growth of Global Biometrics Industry with Zack Martin of Avisian Publications

An archive of the chat is available at Storify

John has updated the M2SYS blog with the questions for the upcoming chat...
  1. Can you explain how Avisian is structured and what topics your publications cover?
  2. Do you see the biometric technology private sector is growing as fast as the analysts are predicting (by 2017 private sector will be a majority of the biometrics market)?
  3. What do you believe are the biggest obstacles to biometrics becoming an integral part of society to prevent fraud, assure electors are who they claim to be, etc.?
  4. We have seen a lot of consolidation in the biometric technology industry; do you believe that will continue?
  5. How will mobile solutions change the market in the future?
  6. Will the recent experiment with using biometrics for retail payments in France developed by National Security and PayTango’s project at Carnegie Mellon ever translate into mainstream use of the technology for the average consumer?
  7. Which biometric modalities currently in testing and additional research and development do you believe stand the best chance to become legitimate hardware solutions in the near future?
Those are good questions sure to make for a lively conversation. Details on how you can participate follow.

April 25, 2013 11:00 am EST, 8:00 am PST, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat)

Janet Fouts, at her blog, describes the format:
Twitter chats, sometimes known as a Twitter party or a tweet chat, happen when a group of people all tweet about the same topic using a specific tag (#) called a hashtag that allows it to be followed on Twitter. The chats are at a specific time and often repeat weekly or bi-weekly or are only at announced times.
There's more really good information at the link for those who might be wondering what this whole tweet chat thing is all about.

The prospects for growth in the global biometrics industry, potential obstacles to continued growth, industry consolidation, mobile biometrics for authentication and identification, biometrics for retail payments, and new biometric modalities

More at the M2SYS blog.

Earlier topics have included:
Mobile biometrics
Workforce management
Biometrics in the cloud
Law enforcement
Privacy again
Biometrics for global development
Large-scale deployments

Modalities such as iris and voice have also come in for individual attention.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

Wednesday, April 10, 2013

U.S. Citizenship and Immigration Services adopting biometric verification in field offices

Biometric Data Will Be Collected At Immigration Offices Starting In May (Fox News Latino)
The U.S. Citizenship and Immigration Services (USCIS), the arm of Homeland Security that handles such things as naturalization and permanent residency, or “green cards,” announced Monday that next month it would implement the Customer Identity Verification, or CIV, at its field offices.

The new system will require people to submit biometric data such as fingerprints and photographs, as well as government-issued documentation, when going to immigration offices to conduct business.
Identities will be verified before services are preformed. This is different than simply collecting and warehousing the information. Both law enforcement and identity protection implications are discussed in the brief article.

Consumers seem eager for banks to add voice biometrics

Can voice biometrics help banks restore consumer faith? (Finextra)
Voice Biometrics offers many advantages including the ones below:
  • It removes the human operator from the authentication process
  • It prevents the information obtained through data breaches from being used
  • It removes the need for complex passwords and PINs
  • When properly integrated, it can remove the need to duplicate the authentication process.
Voice is the ideal biometric modality for telephone call center ID.

Tuesday, April 9, 2013

Market forecasts for Face, Hand Geometry modalities

Facial biometrics sector to total $2.9 billion by 2018 (Companies and Markets)
The facial biometrics market has been forecast to reach a total value of US$2.9 billion by 2018, primarily driven by growing security concerns against the backdrop of increasing terrorist attacks, racial and ethnic disturbances, campus violence, random shootouts, riots, burglary, and physical assaults.

Hand geometry industry to be worth $152 million by 2018 (Companies and Markets)
The hand geometry industry has been forecast to achieve a market value of US$151.5 million by 2018, primarily driven by the well established use of the technology in physical access control, time and attendance, point-of-scale, and interactive kiosks.
More at the links.

EPIC sues FBI over biometrics FOIA request

EPIC Sues FBI to Obtain Details of Massive Biometric ID Database (EPIC)
The text of the lawsuit (pdf) is here.

Key bit:
On September 20, 2012, EPIC transmitted, via facsimile, its first FOIA request to the FBI for agency records (“EPIC’s First FOIA Request”).

35. EPIC’s First FOIA Request asked for the following agency records:

a. All contracts between the FBI and Lockheed Martin, IBM, Accenture, BAE Systems Information Technology, Global Science & Technology, Innovative Management & Technology Services, Platinum Solutions, the National Center for State Courts, or other entities concerning the NGI.

36. On September 21, 2012, EPIC transmitted via facsimile another FOIA request to the FBI for agency records (“EPIC’s Second FOIA Request”).

37. EPIC’s Second FOIA Request asked for the following agency records: a. All technical specifications documents and/or statements of work relating to the FBI's development, implementation, and use of technology related to NGI.

38. In both of its FOIA requests, EPIC asked the FBI to expedite its response to EPIC’s FOIA requests because EPIC is primarily engaged in disseminating information and the requests pertained to a matter about which there was an urgency to inform the public about an actual or alleged federal government activity. EPIC made this request pursuant to 5 U.S.C. §552(a)(6)(E)(v)(II). EPIC based the request on the need for the public to obtain information about the NGI program. EPIC cited extensive news coverage of the NGI program and the fact that aggregating these voluminous biometric data has profound privacy implications for U.S. persons.

39. In both of its FOIA requests, EPIC also requested “News Media” fee status under the Freedom of Information Act, based on its status as a “representative of the news media.”

40. EPIC further requested waiver of all duplication fees because disclosure of the records requested in EPIC’s FOIA requests will contribute significantly to public understanding of the operations and activities of the Government.
Here's what EPIC wants:
Requested Relief

A. order Defendant to conduct a reasonable search for all responsive records;
B. order Defendant to promptly disclose to plaintiff responsive agency records;
C. order Defendant to recognize Plaintiff’s “news media” fee status for the purpose of EPIC’s FOIA requests, waive all duplication fees, and disclose all responsive agency records without charge;
D. order Defendant to grant Plaintiff’s request for expedited processing;
E. award Plaintiff its costs and reasonable attorneys’ fees incurred in this action pursuant to 5 U.S.C. § 552(a)(4)(E) (2010); and
F. grant such other relief as the Court may deem just and proper.
We'll see where this goes. Some of the requests — the names of the contracted companies, for instance — seem reasonable. Some of the requests — section 37 in particular — may be a little trickier to comply with. To cite just one reason, it's not unusual for entities that contract with government bodies to share highly confidential information about intellectual property with their customer with the understanding that it will be kept confidential. So, the FBI probably posses information it is unable to disclose that comes under section 37 of the EPIC request.

This FOIA request and lawsuit, however, is a win-win for EPIC. Send a fax. Get access to all sorts of information or gain attention through a lawsuit.

The FBI is probably indifferent.

It's worth noting, however, that in the past EPIC has overshot the mark where biometrics are concerned. In EPIC Fail we discussed EPIC's opinion that facial recognition technology should be banned.

Monday, April 8, 2013

I'm thinking of a number...

Affordable brainwave sensors could make typed passwords obsolete (The Verge)
The last hurdle involved determining what specific mental tasks would be best-suited to this type of authentication — the team wanted the interaction to be as user-friendly as possible. To find the most suitable tasks, the team the brainwaves of test subjects performing seven different mental activities to authenticate their identify. Researched showed that the best tasks for this setup were ones that users didn't mind repeating on a daily basis — the tasks need to be easy, but not too boring.
Interesting sort of behavioral biometric of the brain.

Thursday, April 4, 2013

Man wanted in Colorado for sexual assault of a child discovered by authorities in Texas using biometrics (KVEO)

San Antonio City Council contemplates Airport

Travelers may get through airport faster if city council approves program (WOAI) — Currently CLEAR is available at five airports across the county including Denver, Dallas-Fort Worth, Orlando Westchester, New York and San Francisco.

Biometrics can help bring order out of chaos

Special drive for registration of cycle-rickshaws in Delhi (The Hindu)
After years of harassment from the police and municipal authorities, there is finally some good news for the rickshaw pullers and owners. In compliance with the directions of the Delhi High Court, the East Delhi Municipal Corporation (EDMC) on Wednesday announced a special drive for registration of cycle-rickshaws and rickshaw pullers through their Citizen Service Bureaus (CSB). Likewise, the North Delhi Municipal Corporation initiated the drive on March 25.
According to municipal officials, the process of registration has been simplified and residence proof or proof of purchase of cycle-rickshaw would not be asked from the applicant. The CSBs have also been equipped with biometric machines, to take index finger impressions, and cameras for taking the photographs of the applicants for registration.
This system seems a lot like the recent effort in the Philippines to register all the bus drivers in Manila. Traffic congestion, public safety, and compliance with government licencing are some of the major goals of registration initiatives like these. Biometrics — fingerprints in this case — offer a cheap, convenient means of creating an ID system from scratch i.e. one that doesn't rely on a pre-existing paper trail.

It is this last detail that is often overlooked by those skeptical of biometric systems. It's just impossible for some people to imagine what it would be like to be entirely cut off from the ID infrastructure or how to go about creating one for those who can't prove anything about their own personal history.

What is your date of birth? 
Where were you born? 
What is your father's name? 

 I don't know. 

In cases like the regulation of rickshaw pullers discussed, you don't really need to know anything except that the person attached to this finger paid their fee and is legally entitled to ply their trade. A decent ID system can then be built out from there.

It shouldn't be a surprise that those challenged with bringing some ID order out of chaos are finding a lot to like about biometrics.

Wednesday, April 3, 2013

A simple and powerful facial recognition application

In many ways, the deployment model described in the linked article is the perfect facial recognition app.

It's minimalist, requiring no large database of potentially sensitive information. If, in the case of the most minimal possible system, the database just contains faces it's debatable whether or not the face alone is personally identifiable information (PII) at all which ought to alleviate the concerns of even the most strident privacy advocates. The database can be wiped clean altogether every few hours.

Since matching algorithm developers tend to charge by the size of the searchable database, the small database size should keep the system affordable.

The environment in which the enrollment image is created can be tightly controlled.

The probe image is collected on the same day as the database image, so no one is likely to age by several years, have plastic surgery or grow a beard in the time between photos.

The environment where the probe image is created can also be tightly controlled.

The people to be identified are cooperative users of the system, so it's more like an access control deployment and less like surveillance.

Databases like these are likely to remain very small making error rates manageable by an attendant human being.

See also: One-Time-Only ID Technologies

Automated face recognition speeds up plane boarding (The Engineer)
In use, passengers reaching the ‘self-boarding’ gate pass through an automatic electronic barrier which takes an infrared scan of their face.

This information is checked against the biometric data that was taken at the check-in stage.

When the two sets of data scans are successfully matched, the barrier opens and the passenger can pass through and board their flight.

TSA wants a slick new ID & document management system

TSA To Purchase Credential Authentication Technology In 2014 (HS Today)
A CAT system must verify the identity of air passengers and confirm they are able to travel beyond the security checkpoint for boarding their planes, TSA said in an announcement Monday. It must display authentication credentials to a transportation security officer (TSO) or other qualified operator and ensure proper ticketing of the passenger, instructing the system operator as to what action to take if the passenger is not yet cleared.

The CAT system also must integrate a credentials scanner, technology to authenticate credentials, a graphic user interface (GUI) and an application programming interface (API). Under a separate contract, TSA already has produced the API, which provides an interface with its Security Technology Integrated Program (STIP) for the transfer of passenger data.
Pretty cool. This sounds a lot like the IDTrac product we developed several years back, only we used IDTrac to keep track of bank checks instead of boarding passes. The facial recognition part of what it does is pretty elegant if I do say so myself.

Tuesday, April 2, 2013

The behavioral science of decisions affecting privacy

Profile: Alessandro Acquisti, behavioral economist at Carnegie Mellon University in Pittsburgh (New York Times)
Often, we turn over our data in exchange for a deal we can’t refuse.

Alessandro Acquisti, a behavioral economist at Carnegie Mellon University in Pittsburgh, studies how we make these choices. In a series of provocative experiments, he has shown that despite how much we say we value our privacy — and we do, again and again — we tend to act inconsistently.
Is your personal information worth more than the price of a cup of coffee? Yes and no. (IT World)
It’s easy to be apathetic about abstract terms like “privacy,” but much harder to be so casual if some stranger asks you to, say, share your kids’ schedule and the location of their schools. This is one reason why the terms we use matter so much when talking about user privacy, and why Orwellian definitions of words like tracking, anonymity, choice and freedom are an enormous red flag that should make all of us a little jumpy.
Please read both articles if you're interested in privacy.

Biometrics market forecast...

INDUSTRY FORECAST: Biometric Market Forecast to 2014 (RNCOS)

Key bits:
  • Asia-Pacific region has been emerging as the fastest growing destination for biometric solution applications
  • CAGR of around 21% during 2012-2014
  • AFIS recognition currently dominates the global biometric technology market
  • Other tools are gaining ground
  • Companies are looking for such software products which reduce time spent on integration, and biometric authentication in multi-layer security architecture would be the next big thing in network security.
That last one can be the determining factor for whether or not a Return on Investment rationale exists for adding a biometric capability. At SecurLinx, it also happens to be our specialty.

Start with the applications

10 Big Data Trends From the GigaOM Structure Data Conference (eweek) Good observations having broad applicability in understanding how the recipe for organizational success is being rewritten. Read the whole thing.

Money quote:
While big data might be getting ahead of itself in enterprise promises, it is real in bringing new capabilities to business. You need to think about the skills you have in your company and developing the data skills to adapt to this new model. Open source, which often has a bit of a fringe reputation in the enterprise, will be part of your technology future. Established vendors are going to promise they can give you all the capabilities of the startups with added stability, but I haven't seen any evidence so far. Think about your applications from the outside in, instead of inside out.
The application, not the technology, is everything.

Monday, April 1, 2013

Dangerous criminal escapes holding facility using rubber eyeball

A dangerous and highly adaptive criminal escaped from the regional holding facility in Morgantown, West Virginia today after using a rubber eyeball to hack the facility's iris-based biometric technology.

"Rubber Eyes" McCarthy
The escapee, Thomas McCarthy (pictured), was able to execute his dastardly scheme based upon a bizarre series of coincidences and his genius at exploiting them.

At first, authorities were concerned that an officer at the facility had been careless with his latent iris prints, leaving them strewn all over the jail for any semi-literate reprobate to pick up and do with as he pleased.

Further investigation, however revealed that the flaw in the jail's security lay in the fact that the maintenance staff had succeeded in enrolling a rubber ball that looked like an eyeball in the biometric system. As long as anyone had the rubber ball, they could go about their business of maintaining the facilities while also protecting their privacy. As one staff member put it, "Where I am at any given time is none of the chief's gal-dern business so long as the floors are swept."

The keenly observant McCarthy, however, noticed the staff's subterfuge and, with the aid of his girlfriend on the outside and Alibaba.com, was able to obtain a quantity of rubber eyeballs identical to the one the staff had enrolled. The rest is history.

The evidence
Despite McCarthy's escape, facility chief Strother Martin is looking on the bright side. "Since the minimum order for rubber eyeballs at Alibaba is 5000 pieces, we can in some ways count ourselves lucky that things weren't much worse. If old Rubber Eyes had been better at sharing, the whole place might be empty," he said.

Smartcard enthusiast Will Stephenson had this response: "You're all stupid. None of this would have happened with smartcards."

At the time of this writing, McCarthy's whereabouts are unknown.