Large customers need biometrics to be more convenient

Fingerprints still too unreliable for banks (MIS - Asia)

Still, organisations across multiple sectors are exploring the use of several types of biometric technologies. The Australian Passport Office last November issued a tender for new biometrics technologies.

The organisation has been using facial recognition for its passport production process since 2005.

In 2012, ANZ Bank said it was exploring using fingerprint recognition technology to replace traditional PIN codes.

Parker said there an interesting discussion under way now about how secure a transaction has to be and how much organisations and consumers are you willing to pay for a certain level of security.

"If you're protecting the front door or the control panel of a nuclear arsenal, you probably want to spend a lot of money on security to make sure it's top grade and nobody can get through it.

It looks like people are starting to come to grips with the "compared to what?" and "perfect vs. good" arguments we've been making here for a while now.

We'd also suggest a revised headline for the article linked above: "Fingerprints not Convenient Enough for Large Customers." We'd agree with that one.

As it stands now, biometrics algorithm developers and large system vendors aren't really finding much success at supporting customers for whom ID management isn't their primary business. And nearly all organizations for whom ID management is their primary business are government entities. This goes some distance toward explaining why the private market for biometrics has been slow to develop.

It's also the challenge we have built SecurLinx to meet. In this example, banks aren't in the ID business; they're in the money business, but they do have to get ID right — or at least predictably wrong — in order to do their job. Magnetic stripes, sixteen digit numbers and passwords aren't great, but they are predictable. They are convenient at an affordable cost.

Biometrics companies must deliver solutions to customers that can add security and at least come close to the convenience of the systems they seek to replace.

LastPass Adds Galaxy S5 Fingerprint Scanner Support — This is the kind of stuff Apple won't be doing any time soon.

TECH WORLD: Cambridge students look to create fingerprint scanner for rural healthcare — Great app, but it seems more like a software & integration project. Hardware isn't the reason you don't see more projects like this. The culprits are interoperability and stove-piping, for starters.

Twitter: March Biometric Chat - Large Scale Deployments with Accenture's Cyrille Bataller

UPDATE March 28, 2013:
John has posted the chat transcript at Storify.





When:
March 28, 2013 11:00 am EST, 8:00 am PST, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

Where:
tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat)

What:
Tweet chat on the use of biometric identification for border control, ePassports, visa applications, and voter registration with @CyrilleBataller of @Accenture. Mr. Bataller appears in the video Biometrics and Privacy: A Positive Match available at the Accenture site here. I'd embed it if I could.

Topics:
Topics: The use of biometrics to secure borders, process visa applications & ePassports, and secure voting registries

More at the M2SYS blog.
UPDATE: Questions for the upcoming chat

Earlier topics have included:
Privacy
Mobile biometrics
Workforce management
Biometrics in the cloud
Law enforcement
Privacy again
Biometrics for global development

Modalities such as iris and voice have also come in for individual attention.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

Who's in my country? That's a tough one.

Philippines will deploy biometrics for documenting the arrival and departure of international travellers (FutureGov Asia)

BI Commissioner Ricardo David Jr said the programme will enhance the country’s border security and boost the agency’s capability to thwart the entry of foreign terrorists and other illegal aliens.

The new scheme involves the use of an ink-less device and digital camera in capturing the fingerprints and photographs of the foreign visitors.

Doing something like this is easier for some countries than others. The Philippines has some advantages and challenges. Advantages include the lack of land borders with other countries. Since it's an archipelago, they can be pretty sure that no one is walking or driving there, so except for clandestine boat or plane landings, covering the sea- and airports takes care of it. But there are a surprising (to me) number of those, so the integration challenges are real.

Also relevant to integrating the entry and exit points is the percentage of international travelers who enter a country through one international travel node and depart the country from another.

The more nodes, the more travelers, the more complex the travel patterns of international visitors, all of these things place additional pressures on any sort of entry/exit system and these complexities don't necessarily increase as a linear function.

Of course all of this has bearing on the United States which has every challenge there is. It's not surprising that, biometrics or no biometrics, the US lacks a comprehensive integrated entry/exit system. A couple of good pilot projects might go a long way towards getting an idea of the exact scope of some of the challenges, though.

Australia to test drive ABIS developed for US by Northrop Grumman

Australia to test biometric system (UPI)

Australia's Defense Department has received a trial proof of concept for an automated biometric information system from Northrop Grumman.

The proof of concept, modeled after the U.S. Department of Defense Automated Biometric Identification System, will be used to produce biometrically enabled intelligence.

Biometric deployment winners and losers

This article describes a fingerprint system implementation that isn't going too well.

Northtown is one of 20 child-care centers in central Mississippi taking part in a Mississippi Department of Human Services pilot program. DHS administers the state's child-care assistance, or certificate, program for poor families and pays providers like Kay who accept the certificates. Starting Sept. 4, parents and guardians of children receiving a subsidy must scan their finger when dropping off or picking a child up from day care.
...
Kay and other child-care center operators say implementing the new system has been nothing short of nightmarish and that the problems are eating into revenues. Although DHS trained workers on how to use the machines, training parents is left up to the individual centers, meaning that a member of Kay's staff must remain on standby at all times to help people work the machine. Also, because the system relies on unique finger scans, staff members cannot override the system or check the kids in and out when parents forget. When that happens, providers might not get paid.

No analysis of why state subsidized day care centers are being asked to prove that they are actually providing the service for which they are paid (using a parent fingerprint). No analysis of why it is a burden to have someone on standby to facilitate/control/monitor who picks up and drops off children. No explanation of how or why parents are allowed to forget to check their children in and out of the child care facility.

A system as lax as the one obliquely described in the article is, of course, likely to become a magnet for fraud. That's bad. What is much worse is that a situation where no one is keeping track of who is taking children away from a child care facility is a tragedy waiting to happen.

If the subsidized day care system in Mississippi was ticking along flawlessly, it's hard to imagine someone deciding that it would be a great idea to implement more rigorous identity management measures. That's just not the way things work. Frequently, biometric systems are brought in to shore up flaws in a system.

The costs and benefits of shoring up flaws in a system, however, are unlikely to fall upon/accrue evenly throughout an organization. For example: The return on investment of a biometric time and attendance implementation is paid by those who benefited from a more lax system and accrues to the firm's owners. The people who lose out in the transition aren't necessarily right, but they aren't necessarily without power, either.

Without significant insight, it's easy for managers to get caught off guard by push-back from those whose interests are undermined by more efficient operation. This is where a good biometric system integrator can really do themselves and their customers a favor by understanding their customer's business and helping the customer to anticipate and mitigate obstacles to a successful implementation. It's not enough that a solution succeed on its technical merits as if deployed in a vacuum, though it must do that. It must also succeed operationally in support of the people who carry out the organization's objectives. Successful integrators meet customers where they are and leave them better off than they found them.

Four Seventh Grade Girls Bring Facial Recognition to the People

This is a very cool story involving market research, technology, training and integration. Congratulations to the Rocky Run Seventh-grade eCybermission team.

Rocky Run Girl Power: Seventh-grade eCybermission team is second in Virginia (The Connection)

“Our project was about biometrics and how people use passwords and user ID every day to access various online resources,” said Rashel. Aisha explained that biometrics is comprised of the individual characteristics used to identify a person.

“We did a survey at the Chantilly Library and discovered that 76 percent of the people didn’t know what biometrics was — and the 4 percent who did didn’t consider using it.”
...
They decided to share their solution with the community. “So we set up an experiment in the library, having people try it out,” said Nayana. “Then we gave them a follow-up survey on biometrics to get their feedback,” said Aisha.

“Over 70 percent said they liked the facial-recognition software and thought it was more efficient and secure than the traditional method of logging on,” said Rashel. It’s important, said Aisha, because “This is one of the many things that people forget to keep secure.”

Read the whole thing.

European Central Bank Sees a Role for Biometrics in Improved Banking Standards

ECB launches consultation on secure internet payment standards (V3.co.uk)

Under the ECB plans, internet payment providers would need to ensure that customers are able to “strongly” identify themselves before a payment was processed.

This strong identity would have to include two of three proposed elements: a password; something belonging to the customer, such as a token, a smart card or mobile phone; or some form of biometric check.

United States and Belgium Sign Agreement to Prevent and Combat Serious Crime

Agreement includes the exchange of biometric information (Investors Business Daily)

Under the agreement, Belgium and the United States will leverage state-of-the-art technology to share law enforcement data, including fingerprints, to better identify known terrorist and criminals during investigations and other law enforcement activities. The agreement authorizes the use of specific mechanisms for sharing vital information to help prevent serious threats to public security, and requires measures to ensure the protection and privacy of citizens in both countries. In fact, the PCSC contains numerous provisions pertaining to the handling, sharing, and retention of relevant data, all designed to ensure privacy and data protection.

Like with yesterday's post, India: UID is the Easy Part, obtaining the data is only a first step toward using the data. Using the data often requires non-technical solutions such as mutual agreement among interested parties.

Biometric System Integration: New Counterterrorism Datamart

Counterterrorism effort gets new tech (Federal Computer Week)

Furthermore, the center increased its ability to store, compare, match and export biometrics such as fingerprint, facial images, and iris scans, he said. He added that the center continues to honor all civil and privacy protections.

Before December 2009, analysts at the center worked manually to search and integrate information residing on various databases. Now the center is working to bring those databases together into the Counterterrorism Data Layer, a single environment in which data can be searched and analyzed.

“For the first time, NCTC analysts can search across key homeland security and intelligence information and get back a single list of relevant results,” Olsen said.

It's one thing to install a biometric system in a single location. It's quite another to tie together several geographically dispersed systems that use different biometric modalities and the offerings of many different biometrics providers.

There are technical integration challenges. Security challenges involving the security of the data as it moves from node to node as well as logical access control at legitimate nodes.

As daunting as the technological challenges are, the human challenges may be more significant. Getting different bureaucracies to cooperate in this manner is a very difficult management task.

The government case is instructive because if a given organization is large enough to profit from an integration effort, it will confront these issues.

Biometrics Used to Help Combat Human Trafficking

Southeast Asian anti-human smuggling force quietly set up (Embassy - Canada)

"Destination countries" have already laid down a framework of bilateral agreements designed to address cross-border issues, including human trafficking through the Five Country Conference.

On a practical level, Canada, Australia, New Zealand, the United Kingdom and the United States have agreed to share biometric information, such as fingerprints, with each other to lessen immigration fraud. Under the High Value Data Sharing Protocol, Canada would be able to compare fingerprint information of asylum seekers with those stored in a partner country's immigration databases. Bilateral agreements were brokered through an immigration and border security forum called the Five Country Conference.

"Source countries" are beginning to develop the institutional, political and technological resources necessary for effective cooperation with the Five Countries.

Rohan Gunaratna, head of the International Centre for Political Violence and Terrorism Research at Nanyang Technological University in Singapore, said the centre of gravity of human smuggling networks in the region has shifted to Malaysia and Indonesia—even as they maintain a significant presence in Thailand.

The Canadian government has established a presence in Malaysia and Indonesia, he said, including some officials working with the Bangkok-based task force. There are about another dozen people working in the region outside of Thailand, he said.

Much of the recent biometric ID management activity in Malaysia should be read with this in mind.

More on visas and international identity management

Visas reviewed to find those who overstayed (Washington Times)

Mr. Beers said his department remains focused on trying to develop common international standards for biometric data such as fingerprints. He also said the department is working closely with a number of foreign countries.

The GAO report specifically states that while the United States offered several anti-corruption programs to foreign countries, no such programs addressed the problem of passport fraud.

Janice Jacobs, the assistant secretary of state for consular affairs, said in testimony that the State Department and elements of the Department of Homeland Security work with foreign partners on training them to detect passport fraud.

See also: Poor ID management abroad increases US terror risk

UAE ID card, visa services to be unified

Gulf News (via Zawya)

Abu Dhabi By the end of this year, registration procedures for Emirates ID cards will be linked with residence visa issuing and renewal formalities across the UAE, a top official confirmed in the capital yesterday.

Much is to be gained in this approach. If you already have a national ID, why not let the foreign visitor database talk to the citizen database?