Tuesday, August 31, 2010

War & Peace and Biometric Databases

As the war draws down, however, the collection of so much personal information has raised questions about how data gathered during wartime should be used during times of peace, and with whom that information should be shared.
Lost in the sea of articles about 3M's acquisition of Cogent and caste in the Indian census, is this article contemplating:

The future of the biometric data the US military has generated during the Iraq war [Boston.com].

It's an important question, balancing the legitimate duties and needs of a new government with the potential harm that could come to innocent individuals in the event that the information is misused; and the article does the issue justice.

The good news is that the government of Iraq is democratic. It is a nascent democracy, but a democracy nonetheless. Historically, democratic societies have been better at balancing the rights of individuals with the primacy of the state than non-democratic regimes.

The fact that this is an issue at all, reflects that Iraq has entered into a new phase of its history. If Iraqis were living under a dictatorship or existing in a colonial status, this article never would have been written.

Monday, August 30, 2010

India UID - The Hardware

With 8 gizmos in a case, Nilekani sets out to give 1.2 bn people an identity. [IndianExpress.com]
Packed into what look like two medium-sized suitcases are eight essentials — an iris scanner, a fingerprint machine, a camera, a laptop, a computer screen linked to the laptop, an Internet data card, a pen drive and a printer.

Armed with kits like these, Nandan Nilekani and his team at the Unique Identification Authority of India (UIDAI) will kickstart one of the most ambitious exercises in recent times — distribution of unique identification numbers to India’s 1.2 billion people.
This article deals with the technical and human elements of the Indian UID-worker's job.

Time-and-attendance ROI

Put your finger on a more efficient system. The Globe & Mail [Canada]
"Just about everyone we talk to, whether they're 25 employees or 2,500, is interested in the conversation about biometrics," says Ed van Hooydonk, director of business development at Mitrefinch's Canadian operation in Mississauga, Ont.
This article belongs among the increasingly frequent media treatments of biometrics and ROI that seek to inform rather than alarm.

3M to buy Cogent for more than $900 mln

Guardian.co.uk
Diversified U.S. manufacturer 3M Co on Monday said it agreed to buy Cogent Inc for more than $900 million, paying a nearly 18 percent premium for the biometric identification systems company.
...
3M makes systems for creating and validating documents like passports, as well as products used at national borders. It said the deal will help it expand in the market for law enforcement systems, and estimates the $4 billion biometric market will grow by 20 percent a year.
Expect more news like this. The biometric identity management industry is due for some consolidation and there's a lot of cash sitting on the sidelines of this economy.

UPDATE:
Big shareholder of Cogent opposes buyout terms [LA Times]
Atlanta-based money manager Pointer Capital said in a letter to Cogent’s board on Tuesday that it believed the firm was worth at least $15 a share, or 43% more than the $10.50-a-share 3M buyout that Cogent accepted on Monday.

Thursday, August 26, 2010

Corruption is a stubborn thing

Now, ghost fingerprints on MCD rolls KeralaNext.com [India]
NEW DELHI, India: It was in November 2009 that the Municipal Corporation of Delhi, thanks to its biometric system, discovered it had more than 22,000 "ghost employees" on its payroll. But indicating another ghost of a scam, Delhi Police sleuths say even this multi-crore* biometic apparatus is faulty -- it doesn't recognize finger impressions, nor does it detect duplications.
It sounds like someone should call SecurLinx.

Biometric identity management systems are not magic. If you're just using a thumb print, there is nothing to prevent corrupt officials at the MCD from simply re-enrolling an accomplice over and over, slowly re-building his ghost worker fiefdom.

Our software allows customers to use multiple biometric systems simultaneously. It also facilitates the auditing of enrollment databases in order to cut back on shenanigans like those afoot at the MCD.

In response to the quoted section above: The apparatus is not faulty, the implementation was faulty. The apparatus allowed the discovery of 20,000 ghost workers. That's some good ROI.

The fact that the implemented system has cracks and that corrupt officials are still at the MCD is not a technological failure. It is a human failure.

Identity management is about people.

*Crore = 10,000,000

AmberVision picking up steam

Participation in AmberVision encouraged: News & Sentinel [Parkersburg, WV]
On Aug. 21 RESA 5 volunteers distributed information on the program at stores in Parkersburg. Information also was sent home this week with all Wood County Schools students.

"RESA 5 was pleased to be involved with informing members of our communities about AmberVision," said Ron Nichols, executive director of RESA 5. "AmberVision is a key component for the safety of children and the authorities' ability to find them if the need arises."

Thanks to all the volunteers who helped spread the word about AmberVision last Saturday.

Identification Technology and Citizen Privacy [Audio]

Federal News Radio 1500 AM [Washington, DC Radio]
The rapid convergence of security technologies combined with growing concerns about individual privacy are creating a need to understand the purpose of identification and credentialing in your environment and the impact on the public.
We couldn't agree more.
The discussion appears to have occurred on June 15. We missed it at the time but the discussion is still relevant.

Download audio here.

Wednesday, August 25, 2010

Biometrics: Giving Afghans an identity

Army.mil
There have been a couple of villages that have been enrolled because the village elder said they wanted to prove that they support the Government of the Islamic Republic of Afghanistan and are against Taliban, Yelverton said. "It allows non-criminal males to have an easier time finding work, because if they haven't been involved in criminal activity, it helps," said U.S. Army Capt. Michelle Weinbaum, Task Force 435, Task Force Biometrics operations officer, and a native of Cranston, R.I. "It's not only proof of involvement, but also proof of non-involvement."
Can you imagine an existence where you couldn't identify yourself to anyone who didn't know you already?

This article really illuminates the challenges faced by both the Afghan government and the U.S. military. It appears possible that the efforts of the 101st Airborne Division could lead to the development of the kind of information necessary to increase the effectiveness of the Afghan government and allow the citizens of Afghanistan to create and deepen their civil institutions.
"Afghans enrolling Afghans really works. "Not only did they do an awesome job, Afghans lined up to get enrolled by other Afghans."
Afghanistan hasn't had a census since 1979, and that one was never completed.

From the CIA World Factbook for Afghanistan (2010 est.):
Age structure:
0-14 years: 43.6%
15-64 years: 54%
65 years and over: 2.4%

Median age: 18 years
It seems that only about 25% of the Afghan population was even alive for the last (incomplete) census. It's hard to help a population when you don't know much about it. Perhaps these efforts can begin to develop the information necessary to help make Afghanistan a better place for its citizens. After all, it's about people.

India's UID project: The caste factor

In this post we noted that the Indian government had approved the collection of caste information with the census for the first time since 1931.

For those interested in the subject of the history of caste and the Indian census, this article from Frontline [India] offers insight.
THE inclusion of caste in Census 2011 has been a vexed question for the polity. The uncertainty over the issue has now come to an end with the Group of Ministers (GoM) on Caste Census giving its consent for the exercise. Finance Minister Pranab Mukherjee, who led the GoM, announced in the Lok Sabha on August 12 that only the modalities remained to be sorted out.

In the past few months, caste-based enumeration has been the subject of opinion columns of newspapers, talk shows on television and discussions on the Internet. A conference on “Caste Census: Towards an Inclusive India”, held on July 23 at the Centre for the Study of Social Exclusion and Inclusive Policy (CSSEIP) of the National Law School of India University (NLSIU), Bangalore, provided another forum to discuss the issue at length.
Identity management is about people.

UPDATE: I forgot to include the link to the Frontline article. It's fixed now, with apologies.

Tuesday, August 24, 2010

A finger's touch allows entry to UA Rec Center [Arizona]

Arizona Daily Star
There was always something inconvenient about the University of Arizona's Student Recreation Center, but you couldn't put your finger on it.

Now you can.

Starting this week, Rec Center members no longer will need to use their ID cards - called CAT Cards - before exercising.

Instead, they'll scan a finger.
Here's another good example of a balanced article that describes the benefits of a biometric identity management system. I believe it is also the first time the finger vein biometric modality has appeared in a linked article.

Biometrics, home from the war, returning to a good desk job

Pentagon using biometrics for smarter warfare, facilities, business processes (SmartPlanet.com)
  • At Eglin Air Force Base, Fla., the Air Force uses a device that scans hand prints to clear veterans who are receiving treatment at the Veterans Affairs clinic for access to the base hospital.
  • At Fort Belvoir, Va., the Army uses iris scanning technology to provide keyless entry to sensitive areas.
  • The Navy uses biometrics equipment to confirm identifies as they board foreign vessels.
Alas, the vast majority of the comments reflect that we in the industry still have a lot work to do in fostering a public dialogue about the role biometric identity management systems can/should play in a wired society.

Monday, August 23, 2010

Privacy and Transparency

When contemplating the cost-benefit of public biometric deployments many in the developed democracies tend to think first of privacy. 

The public in developing countries more frequently views biometric deployments in terms of transparency.


Friday, August 20, 2010

The West Virginia Board of Education, the West Virginia Department of Education and Regional Education Service Agencies have partnered with Wal-Mart and Gabriel Brothers to spread the word about AmberVision

“The West Virginia Department of Education is encouraging all parents to sign up for Ambervision,” says state Superintendent of Schools Steve Paine. “The minutes after a child is reported missing are the most critical. The faster information is released to the public, the more likely a child will be returned home safely.”

L-1 Identity nears sale

Reuters
L-1 said it would announce a deal, which analysts said could be around the $1 billion mark, in the coming weeks.

Wednesday, August 18, 2010

Siemens getting roughed-up in the Bulgarian press

New Crash Looms for Bulgaria's Biometric ID System
novinite.com (Sofia)
The reason is the fact the maker of the software, the German Siemens, had not delivered the needed forms, Dimitrov said, adding the company is not fulfilling most of their commitments.

According to the Deputy Minister, by May 30 Siemens had to deliver 400 000 covers for the new biometric data passports, but only 393 000 were received two and half months later, while nothing has yet arrived from the additional 300 000 covers, ordered by the Interior.
In a biometric passport deployment like this, software development and passport manufacturing are two very different functions. They have to meet somewhere, though, and Siemens is the prime contractor. Nevertheless, it's difficult to see how an original shortfall of only 7,000 passport covers explains the difficulties associated with the Bulgarian passport deployment.

For background on Bulgaria's experience with its biometric passport rollout, see this article of April 23, 2010 from the Sofia Echo.

Indians to receive UID number by February

All citizens will get a 10-digit unique identity (UID) number by February. The biometric card will have 13 mandatory things such as the impression of your eyes and fingerprints and all information about your family.
Crore = 10,000,000
Currency:
Rs. 50 = USD 1.75 (8/18/2010)

Tuesday, August 17, 2010

Phillippines Bureau of Immigration adopts biometric Time-and-Attendance system for all staff

To instill discipline and professional work ethics in the bureaucracy, the Bureau of Immigration (BI) implemented a policy of strictly requiring its officials and employees to personally register their daily attendance through a biometrics-based ‘bundy clock’ system.
It bears repeating: Systems like this can help the people get good value from their public servants.

Human-Trafficker & repeat offender busted by fingerprint ID system

Orozco-Larios was driving a 1998 Pontiac minivan when a Seward County sheriff's officer stopped him and found that Orozco-Larios and his eight passengers were illegal aliens. Four passengers were female children who were not accompanied by parents.
I wonder what work Orozco-Larios had in mind for the four unaccompanied female children.

These technologies can be a real force for good in the world.

See also: AmberVision to begin operations in Mexico, especially the video comments by Guanajuato, Mexico Mayor Niceforo Guerrero.

AmberVision is a non-profit application of SecurLinx technology dedicated to returning missing persons to their families.

Monday, August 16, 2010

California gym uses fingerprint sensor instead of entry card

SacBee.com
At 24 Hour Fitness, the entire fingerprint isn't actually scanned; random points on the print are recorded and then assigned a unique number, said regional vice president Troy Croghan. And the company never sells member information, he said.

Although the new system is optional, 97 percent of members who have been asked have signed up, Croghan said.

"For a majority of our members, this has proven to be an easier way to gain access to the club," he said.

Croghan also touted the increased security with the elimination of lost or stolen membership cards, as well as the green benefits of no longer depending on plastic cards.

It's good to see more articles attempting to inform readers of how biometric identity management technologies work and focusing on a cost-benefit analysis rather than lazily tossing around terms like "fingerprinting" and "Big Brother".

Gina Kim of the Sacramento Bee did a great job on this article.

UPDATE:
For a useful counterpoint, see this article on the same event. Find an uninformed gym user, a company man and two "privacy advocates" and the piece pretty much writes itself!

New Zealand and Australian immigration officials have begun sharing fingerprint information

NZHerald.co.nz
"It's a small scale arrangement but it's significant in that this is the first time that we have been running a biometric matching agreement international from an immigration point of view."

Bilateral agreements are often much easier to negotiate and implement than multilateral agreements.

Friday, August 13, 2010

Security Industry Association opposed to bill restricting use of biometrics security solutions in Alaska

SourceSecurity.com

Hot on the heels of the Canadian Privacy Commissioner's attack on fingerprint biometrics for medical school applicants comes word that Alaska is contemplating:
Bill (SB 190) from Alaska State Sen. Bill Wielechowski (D-District J) mandates that "A person may not retain or analyse, or disclose or distribute to another person, biometric information on an individual without first obtaining the informed and written consent of the individual" (Law enforcement and other parties authorised by state or federal law would be excluded).

The text of the bill is available here.

It seems like the bill is primarily concerned with DNA. If the bill limited itself to the restriction of DNA analysis, it would make more sense.

The issue - Biometric identification

TES.co.uk
When an image of a child’s fingertip is taken, most of the data is discarded, but certain points of the image are remembered and converted into an algorithm - a series of letters and numbers. This is the data that is stored and matched against children’s fingertips on a daily basis. “It would be extremely hard to reverse the process and turn the numbers back into an image,” says Mr Rossiter. “All you would have is a series of random points.”

Kudos to TES Connect for this balanced, informative, and fair article.

Tucked away at the bottom of this article is a very good memorandum offering guidance from the Information Commissioner’s Office [UK]. It can be can be found here in PDF format.

Thursday, August 12, 2010

British Government: Anti-RFID passport cover 'preys on fears'

A Home Office spokeswoman said: "The data encoded to the chip in the biometric passport is securely stored and contains no more personal data than the information printed on the data page of a passport.

"There is no evidence to suggest anyone's personal data has been stolen from a passport's RFID chip. The passport chip does not have the same communication protocol and therefore it is not physically possible for the chip to be read from the distance suggested."
I've made no secret of my curiosity about the RFID-blocking passport holder.

The Home Office seems to be responding to the article that inspired
this post (and probably many others).

Biometric cards save grain worth Rs. 20 cr. a month

Bangalore: Issue of biometric bar-coded ration cards to households in the last few months by the Food and Civil Supplies Department has helped eliminating nearly 8.5 lakh bogus ration cards from PDS.
Glossary:
lakh = 100,000
crore = 10,000,000

These technologies can increase the efficiency of social safety nets, reducing corruption and increasing the likelihood that the public will support governmental efforts to reduce poverty.

The Indian government has approved the inclusion of information on caste in the ongoing population census.

The controversial decision was taken by a group of ministers, headed by Finance Minister Pranab Mukherjee.
The enumeration of caste in India has evoked a divided response, even as the pressure of other backward class (OBC) groups forced the ministerial panel’s nod. The last caste census was carried out in India in 1931.
Janata Dal-United (JD-U) member Sharad Yadav also joined the protests, urging Speaker Meira Kumar to allow the protesting members to speak over the matter and ask the government to explain its position. 
We've drawn attention to the Indian census before, focusing mainly on the technological challenges India faces in attempting to create a comprehensive multi-modal biometric register of its adult population.
As these three articles indicate, the challenges aren't limited to the technological realm. The social challenges associated with the effort are gargantuan as well.

Wednesday, August 11, 2010

Privacy commissioner seeks to block finger-printing of Canadian med-school applicants

Canada.com (Link was broken earlier, fixed now. UPDATE: Now altogether dead.)
UPDATE: A summary of the article is here.

This article has it all:
  • Abuse of the term "fingerprinting" (see also, this post).
  • International trade & politics
  • Inflated expectations of privacy
  • A public official called a Privacy Commissioner
The long and short of it is that Canadian medical schools rely on the MCAT admissions test administered by an American firm: the Association of American Medical Colleges (AAMC). This firm, in order to maintain its value proposition, uses a pretty rigorous identity management regime that includes the use of a fingerprint biometric so that it is very difficult to take the test for someone else.

Now anyone who is on the demand side rather than the supply side of of the medical industry (or who isn't a Privacy Commissioner) is likely quite comfortable with the status quo. After all, if you really want to enter into a profession that allows you to prescribe medication, make people unconscious, cut people open, hold life in your very hands while being highly regarded by society and well compensated for your efforts, is identifying yourself with a high degree of certainty too much to ask?

The Privacy Commissioner of Canada, however, has a useful bogey man: The Patriot Act. The official name of the law is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 and its 131 pages can be read here.

The Privacy Commissioner is concerned that Canadian citizens that take the MCAT and only apply to Canadian medical schools could one day have their fingerprint record accessed by the U.S. government, because those records are stored in the United States, and has found that this state of affairs violates Canada's Personal Information and Electronic Documents Act (PIPEDA) (I don't get the acronym either).

I'm neither a lawyer nor an expert on the Patriot Act so I will withhold judgment on the likelihood that a non-terrorist, Canadian MCAT taker who never applied to an American medical school will have their civil rights violated by the U.S. government using a subpoena of the AAMC under the Patriot Act. Curiously, the Privacy Commissioner, who hopefully is a lawyer and an expert on the Patriot Act, makes no such judgment, either. I searched in vain for the legal documents relevant to the case and perhaps she addresses the likelihood there. Nevertheless, the concerns of the Privacy Commissioner aren't so well founded that she can produce any medical school applicant that has suffered at the hands of the AAMC and Patriot Act, but one wouldn't be doing one's job as Privacy Commissioner if one waited for actual things to happen before launching legal action.

There are some simple things that the AAMC could change that would seem to ease the Commissioner's stated concerns, such as storing those records in Canada or gaining informed, expressed consent from the test takers, but
Stoddart is asking the court to order AAMC to develop an alternative procedure for verifying the identity of people registering for the MCAT in Canada that does not involving collecting fingerprints.
I have an idea. A private detective will follow all Canadian medical school applicants from the time they take the MCAT to the time they enroll in a medical school.

Total cost: $25,000 per test.

All Canadian MCAT test takers will have to take this form of the test; we can't have impoverished aspiring Canadian physicians ruthlessly separated from their privacy by foreigners for mere "financial" considerations.

Happy now, Privacy Commissioner?
Canadian medical school applicant?

Vending Machines Of The Future

MyFoxNY.com
Next Generation Vending and Food Service is experimenting with biometric vending machines that would allow a user to tie a credit card to their thumbprint.
O vending machine, whatever will become of you?

It does seem that I see a lot fewer vending machines than I used to. It is also possible that the move away from cash could be one explanation. In that light it is appropriate for the vending machine to evolve to meet the spending habits of modern consumers by integrating non-cash purchases as efficiently as possible.

But is it possible that there are other forces at play here? More and more people live within a few miles of a big box store that stays open all night and these 24-hour big box stores are adding more and more self service checkout lanes.

Have we simply super-sized vending machines?

Tuesday, August 10, 2010

An Interview with Gartner's John Pescatore

BankInfoSecurity.com
Podcast here.
Really, what has to happen in most of these trends, whether it is mobility or consumerization or cloud, the business is heading in that direction for some business advantage, quite often cost reduction. It is cheaper to use web-based email than Microsoft Exchange, or cloud-based computing is cheaper than building your own data center.

So, wherever there are those cost reductions, some part of it has to be dedicated to adding back in the security that has gone away.

I've found Gartner's analysts and the quality of their work to be top-notch.

Facial recognition implementation and messaging: A cautionary tale

Big Brother facial recognition cameras being rolled out in NCP car parks
DailyMail.co.uk
Cutting-edge cameras will scan drivers' faces and check them against a crime database as they enter car parks, it emerged last night.

NCP, which is trialling the system at 40 sites, hopes it will help identify potential car thieves.

But privacy campaigners reacted with fury, saying the technology could criminalise innocent people.

Forgiving the unfortunate phrasing of the last quoted sentence (I'm not sure it's technically possible to "criminalise innocent people"), this article makes several points of which would-be consumers of biometric identity management systems should be aware.

1. There are people who are extremely suspicious of these systems and they aren't very moderate in their assessment of the motives of those who install these systems.

2. The non-technical press seeks out and amplifies the point of view of those who are suspicious of these systems.

Given 1 and 2 above, adopters of biometrically-enabled identity management systems should make sure that they are in a position to explain why they are doing what they are doing. They should be able to communicate how the accompanying improvements in business processes benefit the business's bottom line and improve the value proposition the business is able to offer to its customers. This post offers a great example. This quote from the linked article falls a bit short:
Lee Holland, the company's regional director, said: 'We hope that our customers will view this as a positive move to help improve the security we offer at our car parks.

'Our aim is to help customers to feel comfortable that they are parking in an environment which is extra-vigilant when it comes to dealing with the small minority involved in car crime.'

"I hope this makes you feel safer" isn't likely to compensate the customer for the extra cost of the system which will show up in the price of the parking service or the inevitable inconvenience associated with false positive and/or false negative identifications.

As a practical matter, the technical and public relations challenges are much easier when these systems are applied to managing the identities of staff rather than customers. As a parking garage customer, I might derive some benefit from the knowledge that all garage staff were thoroughly vetted using state of the art ID management techniques while the inconvenience associated with that task falls upon someone else. If you're going to use those tools on me, your customer, I will require compensation.

I guess it's possible that the problem NCP is trying to solve is that its customers are stealing from each other at an unacceptable rate. It's also possible that the thieves are a small minority of NCP customers and that NCP has good quality photos of these people for use in the facial recognition database. But if these things are true, why not just come out and say it?

I'd like to offer a few caveats to the above analysis:
It is possible that the linked article is not meant to be fair and that the article does Lee Holland and NCP a disservice. I have accepted the article at face value (no pun intended). If taking the article at face value was a poor decision on my part, the part of my analysis dealing with NCP and Lee Holland is bound to be off. Nevertheless, if my analysis is wrong because the article is unfair, the points made in the first half of this post are buttressed rather than undermined.

Monday, August 9, 2010

Is Trust the next "Killer App"?

FederalNewsRadio.com (Washington, DC)
Panel Discussion
Air Date: August 12th, 2010 at 11 AM (GMT-5)
How does one assure trust in Cyberspace? As citizens, government, and business enterprise increase the amount of information that is shared online, fundamental questions arise around security requirements, data and identity management, and infrastructure. Trusted online environments can reduce costs, expand services, and are critical to protecting how, and to whom, information is shared.
This is part of the "Expert Voices Presented by Booz Allen" series.

The Coalition for a Secure Driver's License presents Indiana Bureau of Motor Vehicles with Homeland Security Award

Press Release here: Yahoo.com (July 26, 2010)
Coalition for a Secure Driver's License site here.
"Indiana's focus on a secure credential is a benefit to all Hoosiers," stated Indiana BMV Commissioner Andy Miller. "The credential no longer is used exclusively as evidence a person can drive; it is now the most commonly used form of identification. As the agency issuing the identification, we need to ensure that each person is who they say they are. We greatly appreciate the recognition from the Coalition for a Secure Driver's License and will continue to provide secure credentials, while maintaining our commitment to customer service."
The CSDL site offers a wealth of information about what makes an identification document secure.

The Great Privacy Debate

It's Modern Trade: Web Users Get as Much as They Give - Wall Street Journal
Only one thing is certain here: Nobody knows how this is supposed to come out. Cookies and other tracking technologies will create legitimate concerns that weigh against the benefits they provide.
Tracking Is an Assault on Liberty, With Real Dangers - Wall Street Journal
Through the sites we visit and the searches we make, we disclose details not only about our jobs, hobbies, families, politics and health, but also about our secrets, fantasies, even our peccadilloes. 

I think Mom's advice is still the best: Don't write down anything you wouldn't want everyone to know. Only now, "write down" covers more real estate than it used to.

Related thoughts from Eric Schmidt, Google CEO. I think he's expressing fantasy rather than certainty when he asserts:
"True transparency and no anonymity", he says, is the way forward - and there's nothing we can do to prevent it.

Friday, August 6, 2010

Ageing irises could confound biometric checks

A BIOMETRIC trait is not just unique, it is also for life. That is one of the claims often made for biometric-based security systems like iris recognition. Now it appears that iris scans can produce subtly different patterns over time, so the older the image of a person's iris stored on a computer, the more likely that the system will fail to match it to a new scan of their iris.
Iris has been touted as the most durable biometric available for identity management applications that are practical for some uses given today's technology.

That still may be the case. Biometric identity management systems are not replacements for current security systems and protocols. They are augmentations of those systems. Very few security solutions are completely unstaffed. 

The lock on your front door is apparently unstaffed, but is it? If you live in an apartment or are staying in a hotel and you lock yourself out, the front desk staff will verify your identity and issue you a new key. If you live in a house, a locksmith can verify your identity and gain access to your abode for you.

The deployment of biometric identity management solutions has more to do with making better use of the existing security staff rather than putting computers in charge of security. 

Using the example from the linked article -- the false rejection error rate increases by 75% over four years -- it is not clear that this is a big problem for iris matching technology.

First, if the false rejection rate the day after you enroll in the system is one rejection in 1,000 verifications, then your odds of having to check in with the security guard are 1/1,000 or a .1% chance. Four years later, your odds are .175%.

Compare that number to the odds of getting to work without your prox-card or ID badge. If the false reject rate is lower than the forgotten ID rate, it is appropriate to proceed to a comparison of the costs of each alternative. 

The scientific- and business communities are concerned with two very different metrics. The scientists are, and should be, obsessed with perfection -- forcing error rates seen in the lab into the infinitesimal. Businesses/consumers should concentrate on ROI asking: If I do this, will I be better off than I was?

Thursday, August 5, 2010

AmberVision Goes International

Here's a round-up of the press coverage of our Memorandum of Understanding with the city of Guanajuato, Mexico. We are excited to be working with Guanajuato and we are eager to apply the AmberVision model and technology internationally.

AmberVision Goes International (State Journal)

Wednesday, August 4, 2010

AmberVision to help families in Mexican city






A city in Mexico is getting access to a high-tech, missing-persons alert service free of charge, thanks to its sister city of Morgantown.

The city is Guanajuato: UNESCO World Heritage site and home to some of the friendliest people you could ever hope to meet.

www.ambervision.org

Tuesday, August 3, 2010

U.S. State Dept. seeks police powers

UPI.com

The U.S. State Department has asked Congress to give the passport agency law enforcement status, saying it is needed to combat fraud.

The linked article provides an update to this post of July 29.

Monday, August 2, 2010

'Gross insecurity' of high-tech locks exposed

Wired.co.uk
It wouldn’t be DefCon without a noted lock hacking team demonstrating the gross insecurity of some of the latest security locks, such as a biometric lock that could be easily cracked with a paper clip.

Some of the physical access control products hacked were of poor design. Some are well designed. All can be overcome by professionals. The existence of the legitimate locksmith industry is proof that we know this and that we, in fact, depend on it.

Security is about context. A typical home's front door lock really isn't meant to make it impossible to gain improper access. Rather, it is meant to raise the costs of gaining improper access.