Friday, November 28, 2014

Everything old is new again: Bringing back the Bertillion system...

...also known as anthropometry or Bertillonage, the Bertillon system was established in 1882 by Alphonse Bertillon.

Bertillionage relied upon recording various measurements of the human body that were assumed to remain constant over an adult's lifetime. The example above from Jersey City, New Jersey shows ten measurements.

If one accepts "body measurement" as a rough translation of "biometrics," it's hard to argue that Bertillon wasn't the very first proponent of biometrics for identity management.

Unfortunately for the Bertillion system, twin brothers with the same name, same measurements and at the same prison precipitated its abandonment for the new science of fingerprints, aka dactyloscopy.

All of which brings us to this news from Australia...

"Body recognition" compares with fingerprint ID (Medical Xpress)
University of Adelaide forensic anatomy researchers are making advances in the use of "body recognition" for criminal and missing persons cases, to help with identification when a face is not clearly shown.

PhD student Teghan Lucas is studying a range of human anatomical features and body measurements that can help to identify a person, such as from closed circuit television (CCTV) security videos, no matter what clothing the person may be wearing.
As we have said before, any biometric modality can be useful, especially when it is the only piece if information available and this one is obviously conceived of being helpful in forensic investigations rather than in wide-scale identity management applications. Nevertheless, it's good to see the work of one of the early giants of criminal investigation being carried forward into the 21st century.

See also:
The Bertillon System: An Early ID Management System
The History of Fingerprints (and the Death of the Bertillon System)

Wednesday, November 26, 2014

Chip-level vs. App-level security

They're not the only ones — Intel, McAfee working to eliminate passwords by using biometrics (PC World)

Where one deploys a particular security feature can be an interesting call. For computers, most biometrics are deployed somewhere in the software at either the OS (operating system) or application layer. That makes a lot of sense in terms updates and trouble-shooting, but there are more secure approaches.

Is Intel/McAfee looking closer to the chip for the sweet spot to apply biometric ID for access to the computer? This would make a lot of sense, too. It's very secure but it does foreclose some user support options. If the security is in the hardware, it really has to be completely reliable.

A useful metaphor might be a Microsoft update versus a product recall.
OPINION: The tipping point for biometric security (ABC - Australia)
Currently most of us depend on passwords to protect our online identities. But passwords may be the largest security liability of the internet. They have numerous weaknesses that put consumers, corporates and the wider online world at significant risk.
Ultimately, convenience, ease-of-use, speed and accuracy are appealing attributes for authentication and this will drive the adoption of biometrics.

Secure Communities, RIP

Obama Finally Puts an End to Unpopular Secure Communities Program (AllGov)
As part of broader immigration reforms, the Obama administration announced Thursday that the Secure Communities program, which mandated that local law enforcement submit biometric information on those suspected of being undocumented immigrants to the federal government, is going away. In its place will be the Priority Enforcement Program, which specifies that those held must be likely deportable or have a removal order in effect against them.
See also: Obamnesty ends Department of Homeland Security’s Secure Communities program (USA Today)

The tone of the two headlines provides an interesting contrast. Few who knew about the Secure Communities program were ambivalent about it.

Our discussion of the program (maps, statistics, etc.) peaked in 2012.

Friday, November 21, 2014

For some things, 90 minutes is "rapid"

The FBI Is Very Excited About This Machine That Can Scan Your DNA in 90 Minutes (Mother Jones)
The RapidHIT represents a major technological leap—testing a DNA sample in a forensics lab normally takes at least two days. This has government agencies very excited. The Department of Homeland Security, the Department of Defense, and the Justice Department funded the initial research for "rapid DNA" technology, and after just a year on the market, the $250,000 RapidHIT is already being used in a few states, as well as China, Russia, Australia, and countries in Africa and Europe.
One hugely important thing DNA analysis can do that other biometrics can't is to establish familial relationships. This 2011 piece about the RapidHIT technology mentions that the government found in one audit that 80% of relationship claims among asylum-seekers were fraudulent.

That, by itself, guarantees a certain level of demand for DNA analysis. The other use cases mentioned in the Mother Jones article linked at top are interesting, too.

Thursday, November 20, 2014

New Saudi biometric visa policies meet some resistance

PAKISTAN: Travel agents protest implementation of biometric system for Saudi visa applicants (Express Tribune)
“We have written to Etimad three times to come and discuss with us the system but they are not contacting us,” said Khalil, adding that if the system continues in the same manner, then the number of pilgrims from Pakistan would be reduced by half.
Pakistan already uses biometrics pretty extensively in elections and travel documents, so this seems to be more about implementation than biometric acceptance.

Whose ghosts are these?

KENYA: Government officials to be probed over 12,000 ghost workers (Daily Nation)
The Cabinet has ordered government officials be investigated for allegedly colluding to pay 12,000 staff unaccounted for after the conclusion of the biometric registration exercise.

Wednesday, November 19, 2014

Japanese vascular biometrics tech in the banking news...

Hitachi: Malaysian bank keen to adopt biometric reader technology (Astro AWANI)
A Malaysian bank is keen to adopt Hitachi Asia Ltd's finger vein authentication technology solution.

Its senior vice-president/general manager ICT Solutions Business Regional, Mitsuhisa Kajiyoshi, said the new solution would enable the customers to easily access their online bank accounts and authorise payments within seconds, without the need for personal identification numbers, passwords or authentication codes.

Fujitsu Looks To Secure Card Payments With Biometric Data (Tech Week Europe)
Fujitsu says its new PalmSecure ID Match device will make identity verification and card payments more secure by combining a chip and PIN system with its palm-vein scanning technology for multi-factor authentication.

The unit is similar to current point of sale systems and comprises a multi-card reader, its PalmSecure sensor, a touchscreen and a processor board powered by an ARM chip.
It really does seem that Japanese tech firms dominate in hand-vein biometrics.

Face recognition gaining appeal

Analysis of the Global Face Biometrics Market (Companies and Markets)
The global market for face biometrics across government and commercial applications is at the growth phase of the Gaussian curve. North America (NA) and Europe account for a major share of the world market, with this trend expected to continue over the forecast period. Emerging economies such as Brazil, India, South Africa, the Middle East, Russia, and China are expected to embrace this technology, thereby offering considerable growth opportunities.

Biometric visitor exit monitoring back in the news

SIA forms 'Airport Entry and Exit Working Group' with SIBA (Security Info Watch)
The Security Industry Association (SIA) and Secure Identity & Biometrics Association (SIBA) on Tuesday announced the formation of the Airport Entry and Exit Working Group and release of its Identity and Biometric Entry and Exit Solutions Framework for Airports.
A biometric entry and exit monitoring system has been required under U.S. law for a long time now. Maybe the time is right to give it a real try.

Monday, November 17, 2014

Kenya removes 12,500 from public payroll following biometric enrollment

12,500 workers struck off payroll after vetting snub (Business Daily)
More than 12, 500 civil servants were Monday struck off the payroll after they failed to list afresh during the two-month registration exercise that was aimed at weeding out ghost workers.

Wednesday, November 12, 2014

Forecast: North American market

New Report Suggests North America as Growth Leader in Biometric Technology Market (M2SYS)
The report suggests that, “the global biometric technology, types, and applications market is expected to reach $13.89 billion by 2017 at an estimated CAGR of 18.7%,” and that, “North America is a market leader in the biometric technology market.”

What’s interesting about the prediction that North America is positioned as a market leader in biometric technology is that it is arguably the region with the most opposition and resistance to it.
Is that irony, or has the American public's opposition to biometrics been overstated?
How the threat landscape challenges authentication - old and new (SC Magazine)  — The growing cyber-threat landscape poses some awkward questions for present and future authentication methods.

India using biometrics to streamline government interactions with citizens

Technology Can Surely Help Reduce Hardships (The New Indian Express)
Prime minister Narendra Modi on Monday launched the “Jeevan Pramaan” project, a digital version of the “life certificate” scheme that could eventually benefit 10 million claimants. The biometric-based software means pensioners will now no longer have to visit banks every year to give proof of their being alive to continue receiving benefits. Around 50 lakh people draw pension from the central government, and an equal number from state and UT governments. Several PSUs also provide pensions, and over 25 lakh retirees draw pensions from the armed forces. The software will be made available to pensioners and other stakeholders on a large scale at no extra cost. It can be operated on a personal computer or smartphone, along with an “inexpensive” biometric reading device.
For thousands of years, more security meant less convenience. Biometric technologies have the power to change that.

Forecast: Germany law enforcement biometrics CAGR 17.6% through 2018

Law Enforcement Biometrics Market in Germany 2014-2018 (Companies and Markets)
A major driver of the market is the high demand for security. The Government sector, especially the law enforcement bodies, is in need of more secure and protected security measures. The increase in investments by the government in biometric solutions is a major boost for the Biometrics market in Germany.

Further, one of the major challenges that hinder the growth of the market is the accuracy of biometric systems. The accuracy of the biometric system may not be high enough in certain applications such as negative identification or if the fingerprints are faded, which is a special physical characteristic.

Analysts forecast the Law Enforcement Biometrics market in Germany to grow at a CAGR of 17.6 percent over the period 2013-2018.

Turks ready themselves for new ID regime

Turks embrace biometric data for new ID card system (TMC - Cloud Computing)
Next month's roll-out of a compulsory biometric system will end the present different-colored card system – pink for women and blue for men – which Turks have been using for almost 40 years.

While many countries today do not require their citizens to carry ID cards, for Turkey this is just the latest evolution of a well-established identity system. The first Turkish IDs were issued in 1882 and contained essential details such as height, eye color – or whether men wore mustache or beard.

Next month's change takes place against a backdrop of much more modern concerns. As society becomes more conscious about identity theft and hacking, the new cards have created a debate about the security of storing personal data.

Financial account security and biometric modalities

The 5 Best Ways to Protect Your Financial Data From Crooks (The Street)
“It’s premature to declare fingerprints the winner,” said Gil Mermelstein, a managing director with technology-focused consulting firm West Monroe Partners.
The lowest-hanging fruit would seem to be protecting customer information databases with biometric access control systems. Passwords, however complex aren't enough protection against the huge data losses making the news lately.

This article discusses account-level (rather than database level) security and which type of biometric might work best.

London: Biometrics improve the airport experience

Gatwick CIO Eliminates Lines at the Airport (Wall Street Journal)
For two years, nearly 95% of passengers have passed through security at Gatwick in less than five minutes each, said Mr. Ibbitson, speaking Tuesday at a conference. Using technology such as biometrics and touch screens with efficient interfaces, Gatwick has automated processes such as security checks and immigration, improving their performance. This year alone Gatwick has added 2 million additional passengers. “Predominantly, this is down to better airfield management and part of that is down to implementing software as a service tools,” he said.

Tuesday, November 11, 2014

Mobile fingerprint technology will be commonplace

Biometrics: the future of payments (New Zealand Herald)
"The adoption of biometrics is on an exponential curve and is largely as a result of the financial services and payments industry," said Dunstone.

The core uses of biometric data to date have been largely confined to government agencies such as passports and visa application processing as well as in policing but the technology is now starting to be adopted in consumer level devices.

A survey of mobile biometrics adoption

Mobile users safer with biometric security: Report (Planet Biometrics)
A new mobile security report published by Javelin Strategy & Research and Nok Nok Labs has found that mobile users are putting themselves at risk of fraud with flawed password strategies, and that users often prefer fingerprint authentication.

Large company CTO's should read the DHS biometrics RFI

The Office of Biometric Identity Management (OBIM) of the Department of Homeland Security (DHS) stores and analyzes biometric data, digital fingerprints and photographs, and links that data with biographic information to identify/enroll identities and subsequently match or verify the established identities. OBIM is proactively addressing its next-generation architecture and capabilities for replacing the current biometric system. The vision for this activity represents a major investment to ensure that OBIM can continue to accommodate the expected growth of populations and new applications of multimodal biometric identity screening based on OBIM mission and our customers' identity service needs.
Below are some of the things the government is interested in learning more about [warning: link downloads a .pdf file]. Reading through the items below, scalability, interoperability, accuracy and integration with other systems seem to be real priorities for DHS.

It's also worth noting that while these issues have become pressing for this early adopter of large-scale biometric technologies, all large-scale biometrics deployments will have to meet some or all of these challenges eventually. Strategic planners in some of the larger organizations contemplating biometric solutions would be wise to consider the following as early in their development process as possible and to plan for the future.

A. Identity Deconfliction:
OBIM desires a system that has the ability to determine a person’s unique identity based on a combination of biometric and biographic traits and contextual data. Respondents should also detail the best approach to determine a level of confidence based on the combination of traits used in the identification, and should provide methods for continuous identity management, including enrollment of identities, splitting/merging of identities, and updating identity confidence levels based on new information.

B. Advanced Biometric Matching:
OBIM is requesting information on a system through the application of state- of-the-art techniques that can improve the accuracy and efficiency of its biometric services. Specifically, OBIM is interested in learning about:
1. Approaches and architectures for leveraging multiple biometric modalities in very large-scale systems to improve accuracy and identity assurance and to decrease failure-to-enroll rates. The provided information must address multimodal fusion techniques and include the known benefits and architectural limitations of such approaches.
2. Methods to reduce the computational requirements of biometric matching without decreasing accuracy. Examples of such techniques could include ways to decrease the need for full gallery searches (1:N), decrease the penetration rate of 1:N searches, and leverage multiple modalities to reduce computational intensity.
3. Approaches and architectures for decreasing operations and maintenance (O&M) costs for large-scale systems, including system virtualization, footprint, energy usage, and licensing costs.

C. Advanced Biographic Searching:
OBIM is requesting information on a system through the application of state- of-the-art techniques that can improve the accuracy and efficiency of its biographic pre-verify services. OBIM is interested in various approaches for using biographic information to assist in the deconfliction and disambiguation of identity information. The biographic information would typically contain various elements and combinations of biographic information, including name, birth date and location, gender, and citizenship. In particular, OBIM is interested in performance in terms of accuracy, speed, and other performance profiles and products in production or currently in technical readiness testing and evaluation to facilitate more 1:1 transactions.

D. High-Performance Transaction Processing:
OBIM requests information on the status, trends, and direction of large-scale biometric and biographic transaction processing systems and related technologies, including processing speeds and high-volume, high-reliability, and high- availability systems and architectures. Information should also be provided on demonstrated scalability and managing a high volume of transactions with varying response requirements.

E. Business Intelligence Capabilities:
Respondents should provide information on business intelligence architectures, techniques, and software where these capabilities provide better historical, current, and predictive analysis of available biometric and biographic information, including the analysis of both operational and content data.

F. Storage:
Respondents should provide information on current capabilities, trends and alternatives to store, index, and correlate structured and unstructured data in all formats regardless of type or size. In addition respondents should present their ability for organizing and retrieving large quantities of data and/or images (>109). This should also include hardware specifications. The Government is interested in industry’s experience and offerings for tiered and/or distributed storage and in minimizing processing and storage overhead, while maximizing input/output performance, the retrieval of data, application independence, portability, and data integrity.

G. Information Linking:
OBIM seeks information on the best methods and techniques to link data items to unique identities, and to maintain the linkage on an ongoing basis, including capturing additional links, removing links, and providing linkage information to stakeholders as permitted according to a predefined set of business rules. Linked information could be made available in a variety of ways, including publish/subscribe methods. It is assumed that the actual data would still reside in separate systems/databases within and outside DHS.

H. International Biometrics:
Respondents should provide information on developing an architecture capable of supporting and managing a federated international biometric and identity- verification schema with multiple stakeholders worldwide that ensures responsiveness while tailoring privacy, security, and person-centric data to individual stakeholder needs. An analogous business and technical construct might be the topology for international automated teller machines, banking, clearinghouses, and credit/debit cards.

Monday, November 10, 2014

Ghostbusting in Kenya

KENYA: Civil Servants who did not register during the biometric data registration exercise will be removed from the national payroll. (KBC)
The biometric data registration exercise targeted an estimated 300,000 civil servants.

The move was occasioned by regular complaints of a blotted public service full of ghost workers and the soaring wage bill.

EPIC success

Privacy group wins $20,000 in lawsuit against FBI biometric ID program (Red Alert Politics)
Privacy advocates won a lawsuit demanding information on the FBI’s biometric identification program, “Next Generation Identification” (NGI). A federal judge has now awarded the privacy group $20,000 in legal fees and ruled that the public has an interest in obtaining information on the program, the National Journal reported.
The Electronic Privacy Information Center (EPIC) is the group that won the suit.

NEC applying recognition systems to detect counterfeit goods

NEC system enables smart phones, tablets to spot counterfeit goods (IT World)
The system employs what NEC calls “object fingerprint authentication technology” to identify unique patterns in the grain of materials such as plastic or metal. These patterns that are developed during the production of the goods are invisible to the human eye and can be used as indicators to trace the origin of the product and identify if they originated from a company’s factory or are illegal copies. The technology can also be used to improve maintenance and repair work processes in the industrial space.

India: Biometrics for pensioner proof of life

PM Modi launches digital life certificate 'Jeevan Pramaan' for pensioners (Yahoo)
The proposed digital certification will do away with the requirement of a pensioner having to submit a physical 'life certificate' in November each year, in order to ensure continuity of pension being credited into his account. The Department of Electronics and IT has developed a software application which will enable the recording of the pensioner's Aadhar number and biometric details from his mobile device or computer, by plugging in a biometric reading device.

The earlier requirement entailed that a pensioner either personally presents himself before the Pension Disbursing Agency, or submits a Life Certificate issued by authorities specified by the Central Pension Accounting Office (CPAO).
This application sounds like a real benefit to everyone. The pension can be more assured that it isn't making payments to the deceased and pensioners and/or their care-givers save a trip to the "prove you're alive" office.

Thursday, November 6, 2014

Voice biometrics and "the right to remain silent"

Passcode vs. Touch ID: A Legal Analysis (9TO5MAC)
With the suspect in handcuffs, the agent swipes the student’s finger across the phone to access his call history and messages. Once the FBI swipes the suspect’s finger and bypasses the biometric security, the phone asks for the student’s passcode. The FBI agent asks for his password but the student refuses to speak. How can the FBI agent access the phone? Whereas a fictional Federal Agent like Jack Bauer would simply pull out his gun, jam it in the suspect’s mouth and scream, “WHERE IS THE BOMB?”, in our example, the FBI agent would hit the proverbial brick wall.
This is where a gray area might still exist for hardware protected with voice biometrics.

I'm no criminal or constitutional lawyer, but it seems plausible that while a criminal suspect can be legally compelled to give over their fingerprint, the "right to remain silent" remains.

Commonwealth v. Baust probably isn't the last word on all biometric modalities that could prove useful in criminal investigations.

Wednesday, November 5, 2014

Hollywood Tech

Comment: Biometrics and the chances of owning a hoverboard (Planet Biometrics)
If all goes well, movie directors and script writers may in part be responsible for fulfilling my dream of one day owning a hoverboard. I'd hate it if they were also responsible for me not being able to use biometrics as a great technological step forward.

Layering of eye technology for better performance

Computer scientist sees new possibilities for ocular biometrics (
[Oleg Komogortsev and a team at Texas State University] are developing a three-layered, multi-biometric approach that tracks the movement of the eye globe and its muscles, and monitors how and where a person's brain focuses visual attention, in addition to scanning patterns in the iris. The iris is the colored part of the eye.

SecurLinx makes appearance in list of top biometrics blogs

The Top 5 Biometric Identification Management Industry Blogs (M2SYS)
1. Biometric Update
2. Planet Biometrics
3. Find Biometrics
4. SecureID News
5. M2SYS Blog
6. SecurLinx
For details on what they liked about each of the fine resources in the 1-5 spots, you'll have to click over to the M2SYS blog post.

We'd also like to thank Mohammad Shahnewaz, Sr. Executive – SEO, SEM, PPC Business Development & Interactive Marketing Dept. at M2SYS Technology, for including us in his rankings.

A good sign for biometrics

Skills in demand: Biometric security, account executive (SC Magazine)
Salaries for talented account executives in this space typically range from $120k-140k base and on-target estimates for total compensation tend to fall somewhere in the $200k-300k range depending on the amount of business closed each year.

Monday, November 3, 2014

Virginia court rules fingerprint security not protected by 5th Amendment

Police can demand fingerprints but not passcodes to unlock phones, rules judge (Naked Security)
Cops can force you to unlock your phone with your fingerprint, but not with your passcode, according to a judge in the US state of Virginia.
We touched on this in early 2012 in United States: ID Technology & the Bill of Rights which drew inspiration from a bank fraud case in Colorado.

I still think that voice-based technologies may still exist in the legal gray area this case attempts to clear up.

As for fingerprints, those may be taken from persons at the time of their arrest, so it's hard to argue that they are somehow out of bounds for investigative purposes. One may be forgiven, however for wondering what's the big deal. After all, I've been reading for years that finding a latent fingerprint and using it to hack biometric security systems is child's play. So, either the police would rather go to court than use such a simple workaround, or the rubber finger trick is much harder to pull off than some suggest.