Monday, April 26, 2010

Friday, April 23, 2010

IDF buys computers to prevent further information theft

From The Jerusalem Post:
Some of the new computers... will come with specially-designed keyboards that can only be accessed by the insertion of a smart card into its side and the biometric identification of the designated user’s fingerprint.
Token: Something you have.
Password: Something you know.
Biometric: Something you are.

The system described above combines two of the three (and I'd be surprised if passwords aren't used as well) to increase the confidence that those who access the computers in question are who they say they are.

The smart card in this example is the token. Your house key is also a token. Tokens are issued to someone whose identity is known so that they might access a virtual or physical location. The vulnerability of (most) tokens is that they work, no matter who possesses them.

One major redeeming quality of tokens, however is that they are not easily duplicated and when someone loses one, they usually know it and then at least they don't still have it. If there is one key to your house and you lose it, you only have to worry about on key.

This is not true of passwords. Passwords are information and the thing that's great about information is that it's practically free to reproduce and disseminate. That does make for pretty weak security, though. If you lose control of the password to a computer network you might not know it and it can be shared without limit.

Stand-alone, unattended biometric tools are also imperfect solutions. The Mythbusters overcame a fingerprint sensor, for example. But by combining tokens, passwords and biometrics, the security of high value systems can be dramatically improved.

Tuesday, April 20, 2010

Self-service passport kiosks

From the Straits Times (Singapore)

I'd like to see more on this.

How unattended is the kiosk?


The kiosk itself reminds me of those amusement machines where prizes are grabbed with a crane, only the prize is your passport.

Hopefully they're on the lookout for Elvis.

Monday, April 19, 2010

Nigeria: Govt Uncovers 7,000 Ghost Workers

About 7,000 ghost workers have been uncovered in Delta State civil service.
A ghost worker is a worker that collects benefits and a salary, usually from a government entity, while doing no actual work.

Delta is an oil producing state of Nigeria situated in the region known as the Niger Delta, South-South Geo-political zone with a population of 4,098,291.
The population of Delta is a little higher than that of Los Angeles, California.

So, approximately one in six hundred residents of Delta is a government worker that does not do any work. They retire and collect pensions, kicking back a portion of their compensation to their boss. This is a nuts and bolts example of how corruption works and it is a terrible drag on economic growth.

Corruption is what holds much of the developing world back. In countries whose governments are committed to the well-being of their citizens, but face corrupt and entrenched interests, biometric identity management solutions offer unprecedented corruption-fighting tools.

Moreover, the ROI (Return on Investment) is fairly straightforward to calculate. In this case, if the ID Management system costs less than 7,000 times the total lifetime compensation of a low-level government worker, it will save the state money and help it to provide the conditions for an improved standard of living for its citizens.

Friday, April 16, 2010

CSI NJ: Cops Using High-Tech Tools To ID Victims

From WCBS-TV.com (New York, March 4)
The link leads to an article and video showing how the Jersey City Police Department uses their SecurLinx IdentiTrac system.

Expert picks out loopholes in US e-passports

From The Economic Times
Can you make an EMP-generating RFID killer for under $100? Someone can.
Wool's latest research centres on the new "e-voting" technology being implemented in Israel. "We show how the Israeli government's new system based on the RFID chip is a very risky approach for security reasons," explains Wool.
Well, you can always buy one of these.

Thursday, April 15, 2010

United States and Germany Launch Partnership to Link Trusted Traveler Programs

From the Department of Homeland Security
Under this statement, the United States and Germany will develop processes for qualified citizens of either country to apply for both the United States’ Global Entry program and Germany’s Automated and Biometrics-Supported Border Controls (ABG) program, which each use biometrics to identify trusted travelers.

Wednesday, April 14, 2010

County staff will have to clock in, out (Biometrically)

From TimesLeader.com (Northeastern Pennsylvania)

Kronos, selected from five responses to a public proposal, will be paid an estimated $410,160 to implement the system and a $45,140 annual maintenance fee.

County officials have estimated the system will save an estimated $1.5 million annually, largely through the elimination of abuse.

Identity management systems buttressed by biometric technologies are a valuable tool in fighting corruption and fraud in the public sector.

Ghost workers and buddy punchers cost the public billions of dollars a year worldwide.

Tuesday, April 13, 2010

The biggest head count ever

From Businessday (Nigeria)
The author, Jay Shanker, provides a bit of perspective on the Indian census.

Monday, April 12, 2010

Three quick hits

Biometrics to go mainstream - Computerworld (New Zealand)
Vein Pattern Recognition: A Privacy-Enhancing Biometric - info4security.com
National Identity Card: Paving the Road to Tyranny - GOPUSA.com

Biometric identity management solutions are going to become ubiquitous.

Their value proposition is ultimately irresistible.

Biometric tools should be adopted in a consensual and transparent way, because as is the case with any new technology, abuse is not only possible, it is likely.

Friday, April 9, 2010

Dominican alien felon indicted for attempted entry in Puerto Rico

From DominicanToday.com
In secondary inspection Franco-Matos fingerprints were queried by CBP Officers to the FBI Criminal Justice Information database, and the comparison resulted in an identical match to an alien previously removed as an aggravated felon by the name of Julio Cesa-Soto.
In contrast to yesterday's post, this one shows the power biometrics can bring to an identity management system.

In modern times, a person's name has been the datum most commonly used to differentiate among individuals. This is evident in our use of language: keeping one's good name; name brand; household name; etc.*

Names recommend themselves in several ways. Names are used universally. Names are (approximately) unique. They can be represented with text, making for efficient transmission and search. Names are durable and their changes, as in the case of marriage or legal name changes, are governed by well-known social conventions.

Names have always been the cornerstone of identity management systems and those with an antisocial bent have always recognized the value of subverting the defenses a society erects in order to function smoothly. Enter the alias. If you wear out a decent name, simply get another and open up shop again.

Mr. Franco-Matos was simply following the well-worn trail blazed by his criminal forebears, only this time it led straight to jail. The newly minted Julio Cesa-Soto caused no harm. What happened?

It appears that US Customs Border Protection recognized a weakness in an identity management system that was otherwise performing quite well. In this case it appears that the weakness derived from a combination of aliasing and document forgery.

It turns out that biometric ID management solutions are a very good way of dealing with the alias problem.


*The concept of "face" would be an interesting digression here.

Thursday, April 8, 2010

Security Fears Over 3,500 Passports Lost In the Post

From Express.co.uk
PERSONAL details of thousands of Britons have been put at risk after their passports were lost or stolen in the post, it emerged yesterday.
If an organization is doing everything it can and still faces identity management challenges, biometric tools are an excellent way to further reduce uncertainty about people's identity.

If, however, other weaknesses exist in the ID management chain, the addition of biometric tools may not improve security as much as the user expects.

Adding biometric tools to a flawed system can help create a false sense of security. After all, if you know your system is insecure you act a certain way to minimize risk. If you think your system is bulletproof and it is not, really bad things can happen.

Wednesday, April 7, 2010

Monterey County joins ICE program to identify illegal immigrant inmates

From The Californian
Identifying illegal immigrants at the Monterey County Jail just became easier for law enforcement officials.

U.S. Immigration and Customs Enforcement announced Tuesday it has implemented a biometric system at the jail allowing them to receive instant updates on the immigration status of new inmates.

Tuesday, April 6, 2010

U.S. Government Launches Official Agency to Manage Biometric Database

From Popular Science
The Biometrics Identity Management Agency (BIMA) has a responsibility that spans the entire U.S. Department of Defense (DoD), and would specifically support the DoD's "authoritative biometrics database" in the name of national security.