Tuesday, October 28, 2014

Biometrics against criminal aliases

Suspect in deputy deaths arrested in Utah in 2003 (Boston Herald)
Police in West Valley City, Utah, said they took a fingerprint from a man using the name Marcelo Marquez during a misdemeanor hit-and-run arrest in 2003. Court records show that he pleaded guilty, received a year of probation and was fined about $500.

However, Utah authorities never connected him to his real name or his previous criminal record.

In Utah, fingerprint data is entered into a biometric database for all people booked into jail. But for those who are cited and released, police take a print from a single finger that's kept in state criminal records.

Unless there's a request from an investigator, the print is not run against the biometric database to determine whether the person has a prior record outside Utah or is using an alias, said Alice Moffat, director of the Bureau of Criminal Identification.
Biometrics are a great way to root out criminal aliases, but only if procedures are in place to run the biometric search.

NYPD getting mobile fingerprint tech

NYPD Equips Officers With Biometric Smartphones (Government Technology)
New York Police Department officers and vehicles are to be outfitted with new technology as part of a $160 million program that will lead to fewer arrests and more summonses after being fully implemented next year, Mayor Bill de Blasio told reporters on Oct. 23.

All 35,000 NYPD officers will be equipped with smartphones that allow officers to search databases, view wanted posters and scan suspects’ fingerprints.

Friday, October 24, 2014

Interpol meeting to discuss facial recogntion

INTERPOL to begin the process of developing international facial recognition standards (Eurasia Review)
The two-day meeting (14 and 15 October) gathered 24 technical and biometrics experts and examiners from 16 countries who produced a ‘best practice guide’ for the quality, format and transmission of images to be used in facial recognition. It will be circulated to all 190 INTERPOL member countries to serve as a guideline for improving the quality of images necessary for accurate and effective facial recognition.

Thursday, October 23, 2014

India: Critics coming around on UID?

Home Ministry praises the Aadhaar project (Economic Times)
Once a strong critic of the Aadhaar project, the Union home ministry has now effusively praised the project in a letter to all states, saying Aadhaar's biometric identification process eliminates "the threat of any fraud or bogus activity."

LA County: Stop and Scan

The Pasadena Weekly has just published an article purporting to describe LA County's plans to populate the FBI's next generation ID system with data gathered in the field.
On Sept. 15, the FBI announced that the Next Generation Identification System was fully operational. Now that the central infrastructure is in place, the next phase is for local jurisdictions across the country to update their own information-gathering systems to the FBI’s standards.

When the system is up and running in L.A., any law enforcement official working in the county, including the Los Angeles Police Department, would collect biometric information on people who are booked into county jails or by using mobile devices in the field.

This would occur even when people are stopped for lesser offenses or pulled over for minor traffic violations, according to documents obtained by The Center for Investigative Reporting through a public records request.

Officials with the Sheriff’s Department, which operates the countywide system, said the biometric information would be retained indefinitely — regardless of whether the person in question is convicted of the crime for which he or she was arrested.
If this report is corroborated, I suspect we'll be hearing a lot more about this.

Tuesday, October 21, 2014

Spain-Gibraltar border getting biometrified

Spain’s Ministry of Security to implement biometric border control management system (Biometric Update) — "The budget to implement all changes for the smart border between La Linea de la Concepcion and Gibraltar will amount to 7.3 million euros."

Turkey looks to biometrics to enable structural change

Upcoming reforms in Turkey to ban any actions against statehood (Trend)

UPDATE:
Via twitter, @canmutlu writes that the article linked above refers to biometric national ID cards rather than (as the article states, twice) passports.

This rings true from a practical standpoint, and based upon this short article from Planet Biometrics: Turkey’s PM unveils biometric ID card plan.

We very much appreciate his pointing this out.

UPDATE II:
It looks like someone at Trend got the message, as well.

New biometric identity cards to be issued in Turkey (Trend)

Monday, October 20, 2014

Protecting customer data

After Massive Data Breaches, Businesses Move to Make ID More Personal (ABC News)
The cost of a data breach is terrifyingly high. Home Depot estimates that the massive data breach that affected 56 million customers this summer will cost the company several hundred million dollars—and that’s the figure they are using to assuage fears on the Street. The reality is probably much higher. Target’s breach may top out at the $1 billion mark. While the jury hasn’t even been empanelled as to what the JPMorgan breach will cost, it will leave a mark that will no doubt make news down the line.

With so much to lose, the implementation of biometrics-based consumer authentication may be the cheaper option for companies that handle the kinds of information hackers find so irresistible.
We've been saying it for years. All databases containing sensitive customer information should be biometrically protected. It's just good business.

Australia: "Foreign fighters" bill invites debate

Opposition grows to storage of photo and biometric data (Sydney Morning Herald)
The legislation specifically clears the way for all Australians as well as foreigners to be photographed when they leave Australia and when they return if they go through automated passport gates – which are set to become far more commonly used.

The department estimates that between 40 and 60 per cent of the 35 million travellers leaving and entering Australia each year would be photographed, many millions of them Australians.

The department can also share the biometric information for "specified purposes" according to the bill's explanatory memoranda, though it does not explain what these purposes are.
"Critics say the danger of such information being hacked is profound, given many personal electronic devices are now secured by fingerprints and iris scans."

A couple of points that we've made before come to mind here.

First, if the government of Australia is incapable of keeping citizen information secure from hackers, is the biometric information of international travellers really a top-order concern? Surely, the government already secures information that is much more valuable to hackers than that.

Second, passports are interesting in that they aren't just ID's. They're also an interoperability technology, a way two governments facilitate their agreement related to the treatment of civilian citizens traveling abroad. They only work unless there's a government on both sides of the equation and any government on its site of the border can collect just about whatever information it desires as a condition of allowing a non-citizen entry into its territory.

Even if Australians reject the "foreign fighters" bill, they will still be subject to the information requested of them by the countries they visit, and that information can be shared back with Australia on a government-to-government basis.

With globalization and the lowering of cultural boundaries among the international travel set, it can seem like international travel is no big deal. Brussels is, in many ways, a lot like Washington, DC. But international travel is not without security risks to the visited country and international travelers should always be aware that their legal status outside their home country is very different than it is at home.

Abu Dhabi bank to introduce voice recognition technology

UAE: End of the Pin number? ADCB to launch voice recognition service (The National)
The biometric technology used by ADCB works by comparing the caller’s voice to a pre-recorded sample given by the client, ADCB said.

That will allow customers to get on the phone with a bank representative quicker while reducing the chances of fraud.

“In this competitive environment we need to make sure that customer convenience and ease of access are effectively balanced with information and transaction security,” said Ravi Nair, the head of customer experience at ADCB. “The voice biometrics technology will play a vital role in ensuring increased security and convenience at the same time, while making client calls shorter and reducing our overall cost to serve.”

Friday, October 17, 2014

Here we go

MasterCard teams up with Zwipe to launch first payment card with fingerprint sensor (CIO)  — The built-in biometric sensor is used to authorise payments in less than a second instead of the traditional chip and pin method.


Alipay, the Alibaba Group unit that is China’s largest electronic payments service, is now rolling out biometric authentication (Pymnts.com)

Wednesday, October 15, 2014

No need to mischaracterize voice biometrics in call centers

Amidst all the attention banks are receiving over the use of voice biometrics to prevent fraud, It's worth noting a couple of things.

First, according to the widely linked AP article, "The technology, sometimes called voiceprinting, is aimed at bad guys rather than legitimate customers, but legal and privacy experts alike still have reservations about the practice." So, the systems in place seem to work by collecting information on known and suspected fraudsters and placing them on a watchlist (listenlist?). This makes sense. Technically, it's far easier to be on the lookout for a handful of persons of interest than it is to make a positive ID on every single caller.

Second, there are a lot of way over-hyped headlines out there that make it appear as though financial institutions are collecting voice biometric information on unwitting customers on a vast scale.

Take:
Some Banks Collect Voiceprints During Service Calls to Identify You (Salon) 

Technically, this Slate headline isn't even true since according to the source it cites, the voiceprints are being used to identify fraudsters, not to verify the identities of account holders.

Then there's this.

Banks Harvest Callers' Voiceprints to Fight Fraud, which is the unfortunate headline of the very AP article that acknowledges that the systems function as criminal watchlists rather than a "harvest" of biometric information.


Monday, October 13, 2014

New iPad Air Leak Shows Touch ID Sensor (Web Pro News)


Indians give nod to surveillance of govt officials (Today Online) — The new transparency scheme for government employee time-and-attendance seems popular.

Banks Use Callers' Voiceprints to Fight Fraud

Computers with voice recognition are being used--sometimes discreetly--to add extra security during calls with customers. (Inc.)
"We lost everything," she said. "Can you send me a card to where we're staying now?"

The card nearly was sent. But as the woman poured out her story, a computer compared the biometric features of her voice against a database of suspected fraudsters. Not only was the caller not the person she claimed to be, "she" wasn't even a woman. The program identified the caller as a male impostor trying to steal the woman's identity.
The mechanics of how the banks are using voice analysis are pretty interesting. By focusing on known or suspected fraudsters, it reminds me a little bit of the Nevada Gaming Commission's Excluded Person List.

Friday, October 10, 2014

Why biometrics will be the key to mobile payments adoption (Bank Systems & Technology)
Until making a mobile payment becomes faster than using a credit card, mobile payments will be stuck in low gear. And the key to making mobile payments fast is to use biometrics to solve the authentication problem and eliminate the need for consumers to enter a password.

Maybe one day



The White House Cybersecurity Czar Wants to Kill Your Password (Roll Call)
Michael Daniel, the White House cyber czar, says he isn’t just worried about bad passwords as a security liability. He doesn’t even want the password around anymore at all as a big part of computer security.

“Frankly, I would really love to kill the password dead as a primary security method, because it’s terrible,” Daniel said Thursday.
I reckon the password will live a good while longer, yet. Simply put, it does so much work for so little effort. It's return on investment is through the roof. Also, we're at a point where things that aren't people need to identify themselves to computer systems and they don't have biometrics.

Biometrics can be used to eliminate passwords in many applications. For higher security identifications, biometrics can be used to stem the tide of increasingly complex passwords and move back toward the simplicity of the PIN.


See also: More on the Awesomeness of Passwords

Airline biometrics for security & convenience

Forget E-Tickets, Alaska Air Mulling E-Thumb for Boarding (Bloomberg)
Alaska Airlines (ALK) is exploring using passengers’ fingerprints to replace travel documents, driver’s licenses and credit cards now needed to navigate from airport curbs to jetliner seats. If successful, it would be the first U.S. carrier to employ biometrics for boarding passes and inflight purchases and could spur wider adoption across the industry.
Biometrics can add security and convenience at the same time. It looks like people are starting to recognize it.

Hungary: Some fans bristle at stadium palm vein scanners

Soccer-Ferencvaros fans upset by biometric 'intrusion' (Yahoo!)
Szebasztian Huber, editor of the Fradi fan website ulloi129.hu said many fans also fear that technological developments would help clubs pass Hungarian Football Association fines -- which they regard as too strict -- on to them.

Stricter stadium rules also puzzle fans because the number of violent incidents in and around Hungarian stadiums is much lower than 10 or 20 years ago, he added.

"The culture of soccer fans is different everywhere, in some countries (vein scanners) would be tolerated, while elsewhere fans could be upset," Huber said. "Launching the system highlighting its comfort functions could increase tolerance."

Thursday, October 9, 2014

Smartgates and the tightening of UK & Australia borders

AUSTRALIA: 'Foreign fighter' laws leave door open on biometric data collection (Computerworld)
The government's second tranche of national security legislation, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014, includes measures that potentially allow a significant increase in the types of biometric data collected at Australian airports.

Provisions in the bill also extend to Australian travellers data collection practices that have previously been confined to non-citizens.


UK: New biometric border controls at Stansted Airport at heart of terrorism fight (Herts and Essex Observer)
"We are using resources and intelligence to ensure the border is as strong as we can make it."

He said the Government was also committed to tackling the problem of those travelling from the UK to the Middle East to join the IS jihadists and a new counter-terrorism Bill was set to include measure to temporarily remove the passports of those suspected of being radicalised and ready to fight abroad.

More on India's public employees time-and-attendance portal

Big Brother Modi is watching bureaucrats (Reuters)
"This is Big Brother stuff but very effective. It's not just the central government. The state governments are trying to emulate this."

The Prime Minister's Office will also take part in the scheme, said Dash, although it was not clear whether Modi would be enrolled.

Project mastermind Sharma, who holds the rank of secretary at the government's Department of Electronics and Information Technology, could not immediately be reached for comment. The Biometric Attendance System showed he had signed in at work at 13:55:16 p.m. on Thursday.

Screen grab: attendance.gov.in



Meet the man who built the awesome online attendance system for India’s government officials (Quartz India)
Now, 59-year old Sharma is building an attendance system for India’s central government employees that is inexpensive, publicly available on the internet—and potentially, a simple tool that could revolutionise governance in the country.
...
The entire system is searchable, down to the names of individual central government employees, and all the data is available for download. And with that single step—making the entire platform publicly accessible—the government has introduced a level of accountability and transparency that India’s sprawling bureaucracy is unaccustomed to.

Wednesday, October 8, 2014

ESPN does "Biometrics"

ESPN does "Biometrics" and the results leave the ten or twenty, or so, of us who believe that a heart monitor isn't a biometric device a little disappointed.

Indeed, it appears we are losing the great Biometrics vs. Biostatistics debate. Back in 2011, we made the case for distinguishing between biometrics and biostatistics as follows.

Biometric = body measure.

Biostatistic = body status, state, or condition.


Biometrics for identity management concern facts about the physical human body that don't change (or don't change much) over time.

Biostatistics, on the other hand, are useful precisely because they change, sometimes radically over short or long time-frames.

ESPN provides the latest evidence that our plea has fallen upon deaf ears in New biometric tests invade the NBA.
But what might come as a surprise is how significant that explosion has been, and how far its blast radius might soon reach. The literary specter haunting sports' burgeoning Information Age is no longer Michael Lewis and Moneyball but George Orwell and 1984.

The boom officially began during work hours. Before last season, all 30 arenas installed sets of six military-grade cameras, built by a firm called SportVU, to record the x- and y-coordinates of every person on the court at a rate of 25 times a second -- a technology originally developed for missile defense in Israel. This past spring, SportVU partnered with Catapult, an Australian company that produces wearable GPS trackers that can gauge fatigue levels during physical activity. Catapult counts a baker's dozen of NBA clients, including the exhaustion-conscious Spurs, and claims Mavericks owner Mark Cuban as both a customer and investor. To front offices, the upside of such devices is rather obvious: Players, like Formula One cars, are luxury machines that perform best if vigilantly monitored, regulated and rested.

But to follow this logic to its conclusion is to understand why the scope of this monitoring is expanding, and faster than the public knows. Teams have always intuited that on-court productivity could be undermined by off-court choices -- how a player exhausts himself after hours, for instance, or what he eats and drinks. Now the race is on to comprehensively surveil and quantify that behavior.
It's possible that some employers have delusions tending rather to Big Brother. The article linked here, however, has nothing to do with biometrics as we discuss them here: as identity management tools.


Also...
The headline writer's passive voice has "biometric tests"ex nihilo "invading" the NBA. Tests and monitoring, biometric or otherwise, can't assert themselves. Technology, biometric or otherwise, is about people.


Tuesday, October 7, 2014

Philippines: Biometric voter registration in shopping malls

Voters’ satellite booths open in malls (Inquirer.net)
The Commission on Elections (Comelec) has opened satellite voters’ registration booths in selected Robinsons malls in Metro Manila to encourage more people to register and have their biometrics taken for the 2016 national elections.

UAE to open biometric visa enrollment center in Sri Lanka

UAE opens its first visa issuing centre outside the country in... (Emirates 247)
The new visa centre serves 500 customers every day and uses passport authentication and biometrics such as fingerprints, eyeprints and faceprints, and medical tests conducted at 15 Sri Lankan centres accredited by U.A.E. Ministry of Health, in order to identity, and prevent entry of individuals with contagious disease.

The procedures will save costs of recruitment, quarantine and deportation and improve customer service as they are aimed at providing excellent consular services fulfilling internationally recognised standards.

India: Biometric time-and-attendance with a web portal

Indian government launches website to track attendance of government employees (Economic Times)
Using UIDAI, Prime Minister Narendra Modi-led NDA government has launched a Biometric Attendance System (BAS) for government employees. Attendance.gov.in has been launched to keep a track on the attendance records of employees.

Under the system, an organisation needs to register on the website. According to the website, "A back-end administrator will check the details of the organisation submitted and make the organisation active by assigning it a unique sub-domain which will be the first name of the website."
This is similar to a system we designed for a customer serving an education ministry in West Africa, only much bigger.

Also, from Business Insider:
In a bid to ensure improved work culture in central government offices, the NDA government has taken a revolutionary step. It has introduced Aadhaar-based biometric attendance systems to monitor and track the work of Central Government employees. The attendance system is now up and running; and you know the best part is that it is accessible even to general public on attendance.gov.in.

Monday, October 6, 2014

No, they won't.

Lip Movements may be Your New Password! (Indian Republic)
A new study has now found that each person moves their lips slightly differently when they talk, and this new information opens up the possibility of computers that can be unlocked with a word through lip-reading.
This one is going on "the list."

IDC Comment: Biometric Identification in Financial Applications

International Data Corporation (IDC) Analyst: Banks should precede with caution (IDC)
"While improving authorization experience is attractive and will help adoption of mobile banking services, financial institutions should not just blindly commit to mass market biometric identification solutions, especially those provided by third parties via publicly-available APIs", says Andrei Charniauski, Research Manager at IDC Financial Insights.

Security screening market forecast

The global security screening market is expected to reach $9.10 Billion by 2020; at an expected compound annual growth rate (CAGR) of 9.46% from 2014 to 2020 (Markets and Markets)

Wednesday, October 1, 2014

Exorcising the biometric bogeyman

Shedding light on Florida’s biometric ban (Secure ID News)
For Florida State Rep. Jake Raburn (R – Valrico) one of the bill’s sponsors, it’s a privacy issue. “No one, including the federal government, should be allowed access to our students’ personally identifiable information,” Raburn said. “This legislation will protect this sensitive information and prevent its misuse.”

The Pinellas County school district, near Tampa, uses palm scanners to move kids through lunch lines. Barbara Dalesandro, a food service technology coordinator for the district, tried to convince lawmakers to reject the legislation.

“When we had cards and PIN numbers, there was constant fraud. Other students always drained the accounts. There was a significant loss of revenue in that regard,” Dalesandro said. “We’ve been using palm scanning for four years with no problems from our parents.” - See more at: http://secureidnews.com/news-item/shedding-light-on-floridas-biometric-ban/#sthash.EBTXaPnZ.dpuf