Friday, November 30, 2012

Pakistan moves toward biometric verification of pensioners

Pensioners woes to end thru Biometrics Smart Card: NADRA (Pakistan Observer)
Islamabad—National Database and Registration Authority (NADRA) on Thursday claimed that it has developed a mechanism to issue Biometrics Smart Cards to facilitate pensioners. The programme would help the pensioners to withdraw their pension from any biometrics enabled platform used by banks, post offices and any other alternative channels. All the technology components are fully developed by NADRA, tested and ready for deployment.

SC Magazine announces 2013 reader trust awards finalists




2013 SC Magazine US Awards Finalists
Biometrics makes its appearance under the Best Multifactor Product category.

Australia to test drive ABIS developed for US by Northrop Grumman

Australia to test biometric system (UPI)
Australia's Defense Department has received a trial proof of concept for an automated biometric information system from Northrop Grumman.

The proof of concept, modeled after the U.S. Department of Defense Automated Biometric Identification System, will be used to produce biometrically enabled intelligence.

Asha uses biometrics to fight tuberculosis in India

Excellent Idea of the Day: TB Tracker Halts Disease's Spread (MSNBC)
Biometric systems are used to track people. A researcher from Microsoft is showing they can also help keep tabs on the spread of tuberculosis, and even stop it.

Partnered with the non-profit Project Asha, Bill Thies, who works at Microsoft Research India, developed a way to use a simple fingerprint reader and a netbook to track tuberculosis patients in India.

This may sound big brother-ish, but it's important to make sure TB patients return to local clinics to get their medications. TB is relatively easy to treat and cure, with a standard course of antibiotics. But many patients don't keep taking the drugs because they feel better. "The challenge is to make sure they finish the course of treatment," Thies told Discovery News.
Read the whole thing. Tuberculosis is a scourge that is preventable but tenacious.

The Asha web site is here
Twitter: @AshaSociety

UPDATE... Ukraine: New passport law, no fingerprint for now

ORIGINALLY POSTED 29 NOVEMBER 2012. UPDATED & BUMPED.

Yanukovych signs law on biometric passports (Kyiv Post)
The document foresees the introduction of electronic passports containing electronic chips with biometric information for traveling abroad, according to standards of the International Civil Aviation Organization (ICAO).

According to the law, the passports of Ukrainian citizens will be produced in the form of cards with contactless smart chips and issued no later than 30 calendar days from the date of the submission of a relevant application. The electronic passports will include the name of the state, the name of the document, the full name of the holder, the holder's gender, citizenship, date of birth, and a unique number in the register, the number of the document, the date of the document's expiry, the date of issue of the document, the name of the agency that issued the document, the place of birth, a photo and the signature of the holder.
I was going to write the post title as "Ukraine: New passport law, no biometrics for now," but ID photos are biometrics.

UPDATE:
This press release says that the Ukraine passport will, in fact, contain fingerprints. It states, in part:

Ukraine approved the introduction of electronic IDs and creation of the state demographic register in the country. The relevant law, signed today by President Yanukovych, will take effect on January 1st, 2013. It stipulates the introduction of the documents for traveling abroad that have a built-in proximity chip with registry information on the holder. The IDs will comply with the standards recommended by the International Civil Aviation Organization (ICAO).

It will take 30 days to produce such an ID, which will hold information about name, sex, citizenship, birth date and place of residence of a person, their photo, signature, and additional biometric data, as well as issue and expiration dates. The law clarifies that digitalized signature and photograph of a person's face constitute main biometric data, while digitalized fingerprints are additional biometric data. [emphasis mine]


Aside from buttressing the point made above about that face photos are biometrics, the release strongly hints that fingerprint biometrics will be a part of the new passport. If that's the case, the fact was omitted from yesterday's Kyiv Post piece. Perhaps the press release contains enough ambuguity to interpret both pieces as accurate.

We'll keep an eye out for new information.

Thursday, November 29, 2012

Is logical access control set to get a lot more invasive?

Will You Sacrifice Privacy For A Better Password? (Forbes)

Farm Bureau working group suggests biometric Ag Card for migrant workers

Would an ‘ag card’ labor proposal work for agriculture? (Western Farm Press)
To help alleviate labor shortages in U.S. agriculture, an American Farm Bureau Federation (AFBF) working group has proposed work authorization for “a limited population of key workers that have agricultural experience and will continue to work in agriculture to remain in status on what we call an ‘ag card,’” says Kristi Boswell, AFBF director of congressional relations.

The card would be biometric and carried by migrant laborers to prove work authorization.

Wednesday, November 28, 2012

Because the obvious is rarely stated often enough...

Biometrics security is not foolproof (Police One) — A discussion of passwords, the Windows registry, and the UPEK fingerprint password manager with techie cop Tim Dees.

Our 2¢ here.

Irish privacy commissioner's report

It's mostly inspired by the Facebook photo tagging affair but it deals with privacy issues and biometrics in a holistic way.

Ireland: Preserving Privacy In The Age Of Biometrics (mondaq)
The Office of the Irish Data Protection Commissioner ('ODPC') recently published its audit report regarding Facebook. The audit was undertaken to determine whether Facebook had implemented recommendations stemming from the ODPC's first audit in 2011. While the audit was largely positive in its findings, the photo tagging feature introduced by Facebook, 'tag suggestion', was deemed by the ODPC to be a step too far for compliance with European data protection rules. This tool used cutting-edge facial recognition technology to automatically suggest the matching of names and pictures, i.e. upon the Facebook user uploading a photo, 'tag suggestion' would prompt the names of the individuals appearing in such image.
Consent, contract and transparency are all discussed in some detail at the link and we've discussed those topics philosophically on this blog in the past. There is also an analysis of proportionality in the linked article. Proportionality is a concept seen a lot in discussions of privacy issues involving European government institutions. It's not a big part of privacy discussions in the United States.

In Europe, governments seem to feel freer to proactively inject themselves into arrangements between private entities than do governments in the United States. The recent French decision re biometrics for time-and-attendance is a good example of the invocation of proportionality to regulate the behavior of private entities.

In the United States, negligence, liability and torts seem to fill some of the roles proportionality plays in Europe. Since the legal system in the United States generally holds that one cannot consent to another party's negligence, negligent parties are exposed to civil suits in the event that a data breach harmful to individuals occurs.

In general, it seems that the European approach is more proactive and government driven while the approach in the United States is more reactive and driven by private interests.

Fingerprint pot-dispensing machines big news in Massachusetts

A secure stop for pot? (MetroWest Daily News)
After voters this month legalized medical marijuana, an Arizona businessman is opening an office in Natick, hoping his biometric dispensing system becomes the standard used in Bay State dispensaries.

Bruce Bedrick, CEO of consulting firm Kind Clinics LLC and manufacturer Medbox Inc., said it prevents people from obtaining marijuana fraudulently.
Medbox was also in the news lately when investors looking to cash in on medical marijuana referendums in the United States drove Medbox shares from $3.14 per share before the election to $215.00 per share on November 15.

Click here for a current quote.

Tuesday, November 27, 2012

Civil group publishes report on Ghana biometric voter registration

Coalition of Domestic Election Observers (CODEO) final Statement nationwide Biometric Voter Registration exercise (Citifm Online)
The goal of CODEO’s BVR observation was to promote a credible voter registration in Ghana, which is accurate and will contribute to peaceful election outcomes. With the generous assistance from the United Kingdom Department of International Development (DfID):

CODEO recruited, trained and deployed a total of 650 of its members to observe the entire BVR registration exercise. This observation covered a random sample of 600 registration centers drawn from 300 Electoral Areas in 100 districts in all 10 regions of Ghana. In order to obtain a nationally representative sample, key consideration was given to the total number of registration centers in each of the 10 Regions in the country and the same was repeated at the regional, district and electoral area levels. This allowed CODEO to obtain a true picture of the BVR exercise nationwide over the four phases of the exercise.
Their findings are likely of interest to others contemplating very large scale identity management deployments.

We just love it. No one wants to go back.

Palm scanners get thumbs up in schools, hospitals (USA Today)
Palm-scanning technology is popping up nationwide as a bona fide biometric tracker of identities, and it appears poised to make the jump from schools and hospitals to other sectors of the economy including ATM usage and retail. It also has applications as a secure identifier for cloud computing.

Here's how it works: Using the same near-infrared technology that comes in a TV remote control or Nintendo Wii video game, the device takes a super high-resolution infrared photograph of the vein pattern just below a person's skin. That image, between 1.5 and 2.5 square inches, is recorded and digitized.
It's not hard to see why palm vein scanners are attractive in many applications. Users don't have to touch anything, they're fast, and the biometric is more difficult than some others to spoof.

Thursday, November 22, 2012

Blogging will resume Monday UPDATE: Make that Tuesday.

We're taking some time off for the Thanksgiving holiday.

Blogging will resume, at the latest, Monday.

UPDATE: Due to a change in travel plans, we'll be back in action Tuesday.

Monday, November 19, 2012

Biometrics & the Michigan State Police

New technologies help police ID suspected crooks (South Bend Tribune)
11/2-year-old Biometrics and Identification Division of the State Police makes Michigan the first state to have a separate office working on criminal justice biometrics.
...
"Criminals are known for being untruthful, and they have a motive to hide their identity. So it's up to law enforcement to find out who they really are and find out if they may be wanted for other crimes in other places across the state or the country," he said.

Early reports on Sierra Leone elections are cautiously optimistic ahead of results

WASHINGTON POST: Sierra Leone carried out a largely peaceful and well-conducted vote despite isolated reports of money changing hands and polling stations marred by bees and lack of light, observers said Monday.


AFP: Sierra Leone's election received kudos from observers Monday for being peaceful and well-organised, but concerns spiked over potential violence around results as the opposition alleged poll fraud.

Saturday, November 17, 2012

Sierra Leone votes today

Can tech revolutionize African elections? (CNN)
by Jonathan Bhalla at Africa Research Institute
An often overlooked aspect of the current electoral cycle in Sierra Leone is the use of biometric technology to capture thumb prints and facial features in the registration of voters.

"Credible elections start with credible voter registration," remarked Christiana Thorpe, chief commissioner of Sierra Leone's National Electoral Commission, during a presentation at Africa Research Institute in London in July 2011. For Thorpe, a bloated or inaccurate voter register always has a negative effect on the electoral process.
Read the whole thing.

Friday, November 16, 2012

Biometrics enable micro-lending in Namibia

Namibia: Another Step Forward for Access to Banking (All Africa)
In terms of the agreement, PostFin will use the DBN credit line to finance small businesses, housing and education.

The micro-lending agreement builds on the existing relationship between NamPost and DBN. NamPost previously used DBN finance to implement electronic banking with biometric account management, which has substantially improved access to banking in Namibia, particularly in smaller centres and hard to access areas.
Read on and you'll also learn that in Namibia, like in other countries, the postal service is getting in on the ID business.

Click the 'Postal Service' label below for more examples.

Sierra Leone votes tomorrow after biometric voter registration

Sierra Leone to vote in litmus test for post-war democracy (Tengri News)

For several reasons biometric voter registration without biometric voter verification is at best a half measure toward preventing electoral fraud. Hopefully it's enough to insure peaceful elections in Sierra Leone.

No biometric verification, no vote

No verification machine, no voting; Afari Gyan declares (Ghana Web)

No biometric machine, no voting – EC, political parties agree (Ghana Business News)

At least the kids can't vote twice - Ghana edition

Image accompanies this article in Ghana's Daily Guide


Minors Captured In Biometric Voter Register A Big Challenge For EC – Dr Afari-Gyan (Ghana.gov)
He said the biometric verification machine cannot determine who is a minor or a foreigner and that examination of images of those captured during the biometric registration shows that minors were registered all over the country.
This brings up several ID issues.

Since there is no precise physiological indication of age, it is important to register children when they are born.

Some non-trivial proportion of the world's individuals don't actually know how old they are.

What policies were in place during the voter registration process?

It's almost impossible to conceive that the enrollment software didn't in some way note the electoral worker responsible for each enrollment. Is there any correlation between the registrants that seem obviously to be around twelve years old and the worker responsible for the registration?

On the positive side, with a well-functioning biometric voter system at least the kids can't vote twice.

See:
At Least the Kids Can't Vote Twice in ARMM, Philippines
Biometrics "Fix" Identity


Thursday, November 15, 2012

Disney biometrics: Going back to Cali? I don't think so.

Disney [Kinda] Puts Its Foot Down on Ticket Renting (COASTER-net)
Disney began cracking down when they realized that the businesses were offering these multi-day discounts for less than $100 a day when the going rate for both parks is $125 for a single-day ticket.
...
Walt Disney parks in Florida and other parks such as SeaWorld and Busch Gardens theme parks use a biometric finger scanning system for their multi-day pass system. However, according to Disney in California a similar system will not be used at the Disneyland Resort theme parks.





OK, I'll save you the Google search. Here it is...

SRA keeps DOJ biometrics management project

SRA to help DOJ with biometric database system (Washington Technology)
The contract was awarded under the Information Technology Support Services 4 procurement vehicle. SRA will continue managing, operating and maintaining the agency’s Joint Biometric Data Exchange Hosting Environment infrastructure.

Services include system operations, maintenance and help desk support, system development, government furnished equipment inventory/distribution management and system security.

Strengthening the 'chain of custody' with biometrics

Biometric Access Control Systems Help to Improve Evidence Management (Press Release)

How many times have Law and Order, NCIS, Dexter or some other crime drama aired episodes where evidence has “gone missing”? Most likely, it’s been too many times to count. Watching these shows and seeing racks of cardboard boxes in an unmonitored storage room leaves the average citizen wondering; is that how things are handled at my police station? The answer is, not anymore and things are improving all the time.

Property and evidence control and tracking causes enormous concerns in law enforcement. The process for tracking evidence has typically consisted of manually filling out property forms, which may lead to errors and inconsistent chain of custody records. 


This stainless steel, wall-mounted, computerized kiosk houses a biometric ID reader for access verification and touch screen user navigation. LEID Products chose Advanced Kiosks to build their BACS Systems because of the durability, ruggedness and quality of its state-of-the–art kiosks which meets the high standards required for BACS Systems.


This is a great application of biometrics to law a enforcement identity management challenge.

Google and Facebook have better Face Rec than the Police

Revelations In Online Facial Recognition (Police Oracle)
Ground-breaking biometric research has shown that the freely available facial recognition search engines used by social networking sites such as Facebook and Picasa are as accurate as some specialist biometric systems sold to government agencies, such as police forces.
First, the above linked article is extremely interesting and I suggest you read the whole thing. I just don't share the author's surprise at the research results.

Here's why:

Facebook and Google (Picasa) have way more money than police departments and they can use facial recognition to make more money still.

Facebook and Google grasped the return on investment facial recognition offers them much earlier than Police departments. That isn't surprising either.

Unlike police, Facebook and Google face almost no labor cost in collecting facial recognition information. Their users do all the work for them leaving the companies to concentrate on processing the information. Police labor is expensive.

Also unlike police, Facebook and Google can (and do) change their terms of service to accommodate what they want to do. Police don't get to write, much less change, their terms of service (the law) regarding how and what information they collect and how it can be used.

Facebook and Google face technology isn't free. In fact, having acquired face.com, Facebook has sent notice to face.com customers that in the near future they will have to look elsewhere for facial recognition help.

Google and Facebook are for profit tech companies. Police departments aren't.

I suspect that Facebook (maybe Google, too) is applying much stronger data tools in its facial recognition efforts — tools that police can't use. To understand why it is important to realize that a simple facial recognition search of all the photos on the Facebook or Google servers would be pretty close to useless. The 'book simply has far too many faces. Based upon the image quality and the high number of photos, there would be far too many false positives resulting from a "brute force" matching effort. I'll make an educated guess that the reason Facebook gets the facial recognition results that it does is that it uses its (highly proprietary) knowledge of its users to limit the face rec search only to people that Facebook already believes have a significant likelihood of actually knowing each other. If my assumptions hold, police would have to have a Facebook-like awareness of the population in order to achieve Facebook-like facial recognition results.

Given the above, it would be astounding/shocking/alarming (substitute your own descriptor) if Google and Facebook weren't better at facial recognition than are police departments.

Ghana: The big day is three weeks away

Legislative and Presidential elections in Ghana are just 3 weeks from tomorrow: December 7, 2102.

In keeping with its leadership role in West Africa, Ghana is an early adopter of biometric technologies for managing national elections. At least a couple of other West African countries (Sierra Leone this Saturday, and Cameroon) have committed to biometric elections in the near future and it's fair to say all other countries in the region are taking a keen interest in how things go in Ghana.

People in Ghana are acutely aware that the eyes of West Africa and the world are on them. Beyond that, they want free, fair, orderly and well-managed elections. With three weeks to go, some anxiety is beginning to show and there seems to have been a spike in media coverage of the electoral process.

Here's a run-down of some of what the Ghanaian media is saying.

Dousing The EC Blues (Daily Guide)
The Electoral Commission (EC) does not appear ready with key components of the forthcoming polls, raising the adrenaline level of most Ghanaians, especially as we near the December 7 election date. News to that effect made disturbing headlines in the media yesterday when the non-availability of the biometric register for the political parties’ scrutiny before the polling day was put out. Many Ghanaians who read the stories could not help wondering whether the district assembly elections were going to be re-enacted on December 7.
The Electoral commission maintains that it has integrated the new technology so as to support Ghana's voting system and that they are on course.

EC Is Prepared For Proxy Voting In December Polls - Afari Gyan

Voters Register Out On Monday (Peace FM Online)
“We are confident that our machines would work perfectly and we would have a smooth voting process,” he [ed: Dr. Kwadwo Afari Djan, chairman of the Electoral Commission] said.
There's also some attention paid to the issue of non-EC observation of the election.

Leave polling stations after voting - EC warns voters (Ghana Web)
The Electoral Commission (EC) has directed all voters to leave the polling stations immediately after casting their vote on Election Day.

The directive is in contrast to an order by the executives of some political parties in the Eastern Region who keep asking their followers and supporters at their rallies not to leave the polling stations after casting their vote, so that they will help check illegal acts that will be perpetrated by their opponents.
Editorial - Media ruled out of early voting? (Ghana Web)
It is a bizarre state of affair for the Nations electoral governing body to snub the significant role played by the media to ensure a peaceful and a transparent electoral process across the country by blatantly ruling out its participation in the early voting process.

Considering the anxiety and pockets of violence which characterized the Biometric voter registration exercise in parts of the country months ago, the Electoral commission must be self informed of possible but sizeable tension and aggression on December 7.
That's where things stand three weeks before election day.

The Ghanaian elections are providing a useful case study for students of complex, large-scale biometric ID management deployments. The issues are technical, cultural, and managerial in nature. Those in the biometrics industry and managers in complex ID environments can learn a lot from what's happening in Ghana.

Africa: Other biometric elections

KENYA: IEBC Briefs Kibaki on Poll Preparedness (All Africa).
Training electoral workers and informing the public is a HUGE part of the challenge of implementing biometric elections. It's also one of the most expensive parts ‵ more expensive than the technology, I'd say, even in places with low labor costs.

CAMEROON: Keeping the veil on women’s electoral participation (News Day)
"Allowing women to get national identity cards could also be potentially upsetting for men who want absolute control over their wives." We've made the point here over and over that a legitimate ID is a prerequisite to full participation in the modern world. It seems our point of view is widely shared.

SIERRA LEONE: 2012 Election: A test democracy (In Depth Africa)
The election will be the first since the end of the 11-year war in 2002 to be conducted entirely by the Sierra Leone government. The country’s 2.6 million voters were registered for the first time on a biometric system to prevent multiple voting and avoid electoral fraud. The Guardian (UK) also has a useful article on the stakes in Saturday's Sierra Leone election.

Wednesday, November 14, 2012

What about the United States?

So, having put Africa under the microscope (above, here & here) how is the United States doing?

America’s election process an international embarrassment (CNN)
America has one of the world’s most antique, politicized and dysfunctional procedures for its elections. A crazy quilt patchwork of state and local laws with partisan officials making key decisions and ancient technology that often breaks down. There are no national standards. American voters in more than a dozen states, for example, don’t need ID. But even India, with a GDP just 12 percent that of ours, is implementing a national biometric database for 1.2 billion voters. The nascent democracy in Iraq famously dipped voters’ fingers in purple to ensure they didn't vote again. Why are we so behind the curve?
Ouch.

A thorough biometric system gets around the fake voter ID card problem

Fake Voters’ ID Cards In T’di? (Daily Guide)
Database de-duplication and election day biometric voter verification are crucial.

Hospital Patient ID

St. Peter’s Hospital moves to biometric patient ID (Independent Record - Helena, MT)
St. Peter’s Hospital has begun using a biometric identification system it says will eliminate the need for patients to show identification with each visit while improving the certainty that medical providers will access the medical records of the correct patient.
UPDATE:
See (listen) also this interview: Biometric Patient ID Technology with M2SYS President, Michael Trader (HIT Consultant)

Lots of good discussion of the ROI available to health care providers through biometric patient ID.

Philippines: Consolidating biometric elections will have to wait until 2016

8M Voters Without Biometric Listing Can Vote – Senate Body (Manila Bulletin)
These voters could still cast their votes in 2013 because no consolidated bill has not been passed by the two chambers – Senate and the House of Representatives – of Congress and any enactment of a law on this biometrics issue would cover the 2016 elections, Pimentel said.
Still, for Philippine nationals supportive of more rigorous voter registration, 2013 might not be as bad as it sounds at first. According to the Bulletin, the 8 million records in question will be 'deactivated' from the voter rolls and re-activated if individuals apply for validation.

UPDATE:
This article seems to be saying that there will be no recourse for those who haven't registered using the biometric system.

UPDATE II:
Comelec chief clarifies stand on proposed biometrics system (Balita)
"I have always answered that I prefer it to take effect in 2016 as it would give the voters time to validate and that the 2013 polls is too close," Brillantes said in his official Twitter account.

"If its effectivity will be in 2013, many voters with no biometrics may be disenfranchised since we can no longer reopen revalidation. My view, therefore, is consistent with that of Senators [Alan Peter] Cayetano and [Koko] Pimentel — only that my statements were unfortunately taken out of context," he added.

Face Recognition is going mainstream

The LA Times: Catching up to the fact that, as far as facial recognition goes, it isn't 2001 anymore.

Trusted Travelers

TSA Pre Check - Is It Working?Yes, Pre Check works: for very few people so far at about 4 percent of all US airports. (AviationPros.com)


Tuesday, November 13, 2012

Empowerment though identity

Pakistan’s “Pocket of Productivity”: Empowerment Through Identification (Center for Global Development)
Understanding how and why institutions like NADRA and REINIC succeed and gain trust could help inform the growing number of high-tech national identification projects in poorer countries.

A pocket here, a pocket there, and pretty soon you’re talking real development!
Read the whole thing.

France severely limits biometrics for time-and-attendance

No biometrics to control working hours (CNIL)
October 23, 2012
In recent years, the control techniques employed in their workplaces have experienced unprecedented growth, including through the use of biometric devices. Therefore, the CNIL wished to obtain the opinion of trade unions and employers, the General Directorate of Labour as well as some professionals, the use of this technology. The issue of biometrics as a tool for management and control of attendance zones has been analyzed under the Data Protection Act and in accordance with the Labour Code.
The Commission has always been vigilant about biometrics. They have the peculiarity of being unique and permanent, because they identify an individual from its physical, biological or behavioral (eg fingerprint, hand contour). They are not assigned by a third party or by the person chosen. They are produced by the body itself and the means permanently thereby allowing the "tracing" of individuals and their identification.

The sensitive nature of these data that explains the Data Protection Act provides a specific control of the CNIL essentially based on the proportionality of the device in relation to the objective sought, such as time management.

On 27 April 2006, the Commission adopted a single authorization for the implementation of biometric recognition based on the contour of the hand with the purpose of access control and time management and restoration of the site work (AU-007).

Following more than a dozen hearings, consensus is clearly expressed to consider the disproportionate use of biometrics for control schedules.

Therefore, the Commission has decided to modify the TO-007 in that it allowed the use of the hand contour for time management. now, no single authorization are used to control the schedules of employees by a biometric device.

Transitional measures
Organizations that already use this device to control schedules and staff who have made ​​a commitment to comply before the publication of this new debate will continue to use it for a period of five years. After this time, they will stop using the biometric feature, which will not involve systematically changing hardware. Organizations can indeed set the system to inhibit the function and use biometric instead, codes, cards and / or badges without biometrics. The CNIL has informed individually organizations having previously sent a commitment to comply with the AU-007.

However, devices contour of the hand can still be used to control access to the premises or manage the restoration of the workplace. These treatments will continue to be a commitment to comply with the AT-007
The fact install a biometric device for purposes other than those covered by the AU-007 will give rise to requests for specific permission, which will be considered on a case by case basis by the Commission. [ed. Translation by Google; Emphasis in original]
See also: No more single authorization of the CNIL can now monitor employee schedules by a biometric hand recognition.

It seems that France has placed some limits on biometrics for time-and-attendance, preventing new adoption   and requiring a five-year phaseout for those who are currently using the technology.

CNIL explicitly okays biometrics for physical access control.

No example of actual "tracing" or violation of privacy is mentioned in the statement.

It appears the CNIL has preserved by law a certain degree inefficiency in the French labor market — inefficiency that biometric technology can help reduce. So far, this is the only case of its kind that I'm aware of.

Oh well, vive la différence.

h/t:
PogoWasRight.org
@M2SYS

Face Recognition Slot Machines

Facial-recognition software to keep problem gamblers away (stuff)
The new technology, created by a Hamilton company, is inspired by airport customs SmartGate technology.

On the surface they seem like ordinary pokie machines, but inside, a hidden camera takes a photo of the player and identifies whether they are a problem gambler. “The machine will take maybe one or two seconds to check their face and life goes on as normal,” says Paul Andrew of company Gaming Inc. “However, for someone who is in the database, the system will recognise them and instantly disable the machine.” The $15 million system works from photos, which at present are provided by problem gamblers themselves as a way to curb their gaming addiction.
Last year Australia wrapped itself around the axle on this issue (see also this). It's nice to see their neighbors across the Tasman Sea going in a different direction.

I hope the implementation goes well.

Face-Rec helps gambling addicts, reduces fraud

Monday, November 12, 2012

Ghana: Catholic Bishops commend efforts on voter registration including biometrics

Catholic Bishops Raise Alarm Over Corruption (Peace FM Online)
After the declaration of results the bishops urged all Ghanaians “to continue in the spirit of togetherness to join forces to build Mother Ghana.”

They commended the Chairman of the EC and his team for, as they stated, “their steadfastness and the preparations they have made for the upcoming elections. They have surmounted formidable challenges to make the biometric registration and voting a reality.”
This paragraph appears about half way through a longer article about what Catholic bishops in Ghana have to say about corruption.

Police to get UK-wide facial search capability

PND: Facial Search Upgrade Being Introduced (Police Oracle)
The chief officer pointed out that the move will allow specialist officers and staff to input the photos of suspects into the database – and check matches across the UK.

Once they are compared to the custody photos logged in the PND a number of matches, each with their own percentage success rate, would flash up.

“Obviously some investigations will still be needed by officers themselves after the matches come through,” said CC Barton, of Durham Constabulary.
The above linked article is very good. I recommend it highly. Then, if you're still interested in facial recognition, large databases and law enforcement, you might want to check out the two posts below where we discuss how the technology fits into police work.

(Facial Recognition vs Human) & (Facial Recognition + Human)

Canadian border guards want face rec

Thai Cop Mannequins - Now with face recognition

Thailand to introduce smarter police manikins for traffic control (FutureGov - Asia)
‘Police Sergeant Cheoy’—Police Manikins whose name means ‘Still’ are widely used and positioned at critical traffic locations in Bangkok as part of an effort to alert and remind road commuters to respect traffic regulation.

The new and smarter version of Police Sergeant Cheoy is equipped with new technology of hidden CCTV network with facial recognition system to detect driver faces, and car identification number more efficiently.
Some good photos of the ‘Smiling Traffic Police’ are here.

India: Direct cash transfers for welfare beginning January 1

Aadhaar-based cash transfer in 51 districts (Hindustan Times)
The government will launch direct cash transfer in 51 districts from 1 January and cover the entire country by April 2014, just ahead of the next Lok Sabha elections. The Prime Minister’s Office on Friday cleared the roadmap to implement the UPA-2’s ambitious project that could see the government crediting nearly Rs. 2,000 billion --- around 40 % of Centre’s plan budget -- straight into bank accounts of millions of beneficiaries of government schemes across the country.
For some background on the pilot projects and how they have gone, check out this article at the Deccan Herald. The headline is pretty harsh but the article is very thorough.

Exciting times for UID and India.

Just another deployment.

Ecclesfield students have dinner money at their fingertips (Postcode Gazette - Sheffield UK) School has changed to a cashless system for school dinners.

Not long ago, every time a deployment like this was contemplated, there were lots of complaints and journalists were more than happy to amplify them.

Friday, November 9, 2012

More interesting stuff...


They're hardly alone — Aussie mobile security not up to scratch despite concerns (ITWire)


Commercial Biometrics — Reading your face could be big business (Barnstable Patriot)


Uttar Pradesh, India:  Govt signs deal for smart card-based driving licences (Indian Express)


Deduplication by fire: Sierra Leone Electoral Commission destroys over voter 80,000 voter ID cards (Awoko)

Seek and ye shall find

FBI looks for mobile biometric capture software (FierceGovernmentIT)

From the RFI (pdf):
The purpose of B-iD Program is to provide FBI users the tools needed in order to access the biometric identification power of the US Government, in real time, at any point on the planet in support of operations.

Bang flash

I'm always amazed by the range of problems imaginative people are addressing with biometrics.

Capturing a shooter’s face in a firefight (FOX News)
Fire a gun and your location can be pinpointed, your face photographed and your identity instantly determined -- all thanks to a new technology tag team.

Eye biometrics & mobile security

EyePrints to Provide Smartphone Security (Consumer Affairs)
It sounds like something out of a James Bond movie but it could be available on your smartphone next year. It's a biometrics application that uses your "eye print" to access sensitive information with your mobile device.
WVU's Arun Ross is quoted in the article.

Cash, with strings

Why India should hand out cash, rather than fuel and food, to the needy (The Economist)
As other countries have discovered, handing out cash is more efficient and less susceptible to corruption than handing out food or subsidising fuel. But as long as many of India’s 1.2 billion people lacked proper identification, let alone bank accounts, cash transfers were impracticable.

Now technology offers a powerful solution. A huge project is getting millions of Indians biometrically identified and opening accounts for them. Nandan Nilekani, an IT billionaire who is the brains behind it, expects that by the end of 2014 600m Indians will be enrolled, creating the infrastructure for a system of cash welfare.
The Economist has been consistent in its support of UID and welfare reform in India.


UPDATE: More from The Economist
Money where your mouth is: A debate is growing about how to get welfare to the needy

Wednesday, November 7, 2012

Google, Image Recognition & Search

The Midnight Epiphany That Changed Like.com From An Over-Hyped Failure To A $100 Million Acquisition (Fast Company)
On April 25th, 2006, just after midnight, Shah was looking at Riya’s stats when he noticed that for every person uploading personal pictures and tagging them, 20 others were using Riya for search. He immediately emailed one of his cofounders, Gokturk, who replied within five minutes. “I wonder what they are searching for?” Gokturk wrote back. “Why are they using our site instead of Google or Yahoo Images?”
Read the whole thing, then see: Biometrics, object recognition and searchinspired by an earlier Google acquisition.
Key paragraph:
With this acquisition, I suspect Google doesn't so much have facial recognition for identity search as they have object recognition in mind. First, Google has been wary of face recognition in public search. Whether this is due to the technical challenges of an unbound face rec application or a respect for the privacy of their users, I'll leave it to the reader to judge. It is also a much different challenge to return the result "This is a human face" than it is to say "This is a human face and that face belongs to Guy Herbert." In most object search the first type of result will be the most desirable anyway. If you submit a photo of an insect to a search, you aren't asking about the insect's individual identity, you probably just want to know what type of insect it is."
The current case, well documented by Fast Company, seems to bear that out.

UPDATE: Interoperability, the Emirates ID & Social Media

ID card was supposed to make things easier (7 Days in Dubai)
I went to update my eGate card only to be told that they can’t use our UAE ID cards because they don’t have the machines to accept the cards.

I thought paying out all that money for ID cards was to help out with situations if you didn’t have your passport with you. What’s going on?
Two things of note here...

If "Confused, UAE" is typical, customers/users/stakeholders are beginning to expect interoperability as far as ID systems go.

The social media presence of the Emirates ID people is impressive. The Emirates ID Authority found this post a day after it went up and used the site's comments section to offer assistance to the individual having problems. That's pretty cool.

Twitter: @EmiratesID

UPDATE: 8 NOVEMBER 2012
The people at the Emirates ID Authority were kind enough to direct my attention to web resources explaining how Emiratis (citizens and residents) can add e-gate service to their Emirates ID for use at all UAE airports.


They're saying that the e-gates and the national ID systems are, in fact, interoperable.

The question, however, of why the holder of an Emirates ID must proactively link their ID to the e-gate system remains. So let's take a look at what automatic recognition of every Emirates ID at e-gates would mean.

For all Emirates ID's to work automatically and by default with all e-gates at all UAE airports with a high degree of security and accuracy, the UAE central ID database would have to either:

(1) be available to hardware (e-gates) located at all airports at all times (in order to compare information on the card with information in the database) or

(2) regularly update all e-gate hardware with copies of parts of the central database information (the parts relevant to travel) on all residents at all UAE airports.

There are actually some pretty good reasons you might not want to do either of these things, database security first and foremost among them. Regarding a national ID central database, a conservative approach to information sharing would yield an attitude that the least amount of information should be shared that still allows the desired service to be provided. Right now that seems to mean that only a small slice of information held by the Emirates ID Authority about a small slice of the population is shared to the e-gate system on an opt-in basis.

Like we occasionally say around here, ID management technology is a powerful tool. The management part is very important though. People — human managers and decision makers — give its use meaning. Perhaps one day ID information will be shared ubiquitously and securely to provide extremely high levels of citizen services without requiring much if any forethought from individuals. It looks like that's the way the world is heading, however haltingly. But it's also easy to see why a government, especially an early adopting one, would want to take a step by step approach toward getting there.

Of course, one could still quibble with other management decisions such as the fees or the extra bureaucratic step involved, but that's a question of how, rather than why.

I'll also repeat my earlier praise for the Emirates ID social media presence.
@EmiratesID (by our own experience) and @EmiratesID_Help (by all appearances) are both highly engaged and responsive ways for the public both inside and outside the UAE to learn more about and interact with the Emirates ID Authority.

UPDATE II: 11 NOVEMBER 2012

I'm afraid I was understood by @EmiratesID to be saying the opposite of what I meant as the update above prompted this response:



That's not contrary to our view, at all. We take @EmiratesID at its word that "there are a few who find this service useful and beneficial..." In fact, I'm quite sure they're being modest.

Of course, some complaints are inevitable with ID and airports. I don't wish to elevate one person's confusion as the issue. The interesting things about the 7 Days in Dubai piece that inspired this post are the questions it provokes about how high-tech ID systems work, why they work the way they do, and the importance of efforts to help and explain things to stakeholders.

For the e-gates to work in the way that "Confused, UAE" expected, database practices that many would consider unwise would have to be put into place. Given that the technology is new and that the UAE is an early adopter of a more high-tech approach to ID, it is important to strike a proper balance between convenience and service on the one hand and data security on the other. The Emirates ID Authority is by all appearances serious about striking that balance and possess the abilities to do so. It is therefore not surprising in the least that many (even the vast majority) of Emiratis find the technology and services offered by the Emirates ID Authority extremely useful and beneficial.

I am aware of no evidence that the EmiratesID Authority is "doing it wrong" and there is plenty of evidence  that they are doing it right. That includes their responsiveness as an organization and I thank them for it.

[Edit: In the case that someone at EmiratesID (or anyone else for that matter) wants to respond more expansively than allowed by Twitter's 140 character limit, I can be reached at blog@securlinx.com and would love to hear from you.]

Tuesday, November 6, 2012

UAE: Iris border ID system detects 20,000 illegal entry attempts in 9 months...

...and almost 350,000 since 2003.

Iris scan prevented entry of 20,000 deportees into UAE: Director General of Abu Dhabi Police Central Operations (Emirates ID)
H.E. Major General Ahmed Nasser Al Raisi, Director General of Abu Dhabi Police Central Operations and Emirates Identity Authority Board Member, has unveiled that during the first nine months of this year, the iris scan succeeded in preventing the entry of 20,476 deportees and ex-convicts while trying to re-enter the UAE via the different entry points.

In news published in Al Bayan newspaper today, Al Raisi said the iris scan prevented the entry of 347,019 deportees to the UAE since the system was comprehensively put to use in September 2003 up to end of last September.

United States: Happy Election Day!

Today is Election Day in the United States and — as I was reminded upon pulling in at our nearly-empty local parking garage — it's a state holiday here in the State of West Virginia and also in Delaware, Hawaii, Kentucky, Montana, New Jersey, New York, Ohio, and the territory of Puerto Rico.

While most of us, if we live in a representative democracy, think about election day as happening every so often. Other people are always thinking about elections, not from a partisan or even a political perspective but from the technical and scientific aspects of how to engineer better electoral mechanisms.

The E-Lected blog is the work of one group of people answering the description above. They do good work. Check them out by clicking their logo below.

e-lected blog (a view on electronic voting around the world).

Today they have a timely contribution: Technological solutions to the problems of voter authentication. The closing paragraph is quoted below but it's well worth reading the whole thing, and if you're interested in nuts-and-bolts electoral issues, e-lected is worth a regular visit.
As a blog advocating for the implementation of the electronic technologies to strengthen modern democracies, we are convinced that, if a polling station has a reliable electronic poll book with a robust database which includes biographic and biometric information of every eligible voter in, and the voters are authenticated by means of a fingerprint-based biometric device, both problems can be solved and election integrity and legitimacy guaranteed.

Monday, November 5, 2012

New Zealand investigates passport fraud with facial recognition

Checks reveal 65 false passports (The New Zealand Herald)
Of the 65 suspected false passports discovered by the DIA, 30 cases have been sent to the police national headquarters.

Of those, 21 were referred to relevant police districts for follow up. Five have been convicted, three are before the courts, two have been filed and 11 remain under investigation.

In the five cases prosecuted, eight people were convicted on a range of charges, with sentences ranging from conviction and discharge up to several months' home detention.
When it comes to faking their passports, Kiwis don't play.

Networked IT ID management in the real world

Passwords are the weak link in IT security (Computerworld)
Password security is the common cold of our technological age, a persistent problem that we can't seem to solve. The technologies that promised to reduce our dependence on passwords -- biometrics, smart cards, key fobs, tokens -- have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.

All of which makes password management a nightmare for IT shops. "IT faces competing interests," says Forrester analyst Eve Maler. "They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts."

Is there a way out of this scenario? The answer, surprisingly, may be yes.
It goes on from there to cover several different solutions, including biometrics.

Nigeria: One state losing $400,000 per month to ghost workers

Nigeria: Ekiti Loses N63 Million to Ghost Workers Monthly (All Africa)
[... T]he first physical verification exercise showed that there are 19,258 personnel in the 16 local government areas, while subsequent biometric data capture revealed that there are 19,212 staff.

He said a further check showed that there are 17,889 staff on the nominal roll while 1,323 staff collecting about N63 million on a monthly basis are not on the nominal roll.

Adewumi stated further that for efficiency at the third tier of government, the state government has decided to redeploy 1,756 workers who have National Certificate of Education (NCE) and other education-related qualifications to the State Universal Basic Education Board and the Teaching Service Commission.

This, the commissioner said would relieve the councils of a monthly financial implication of N53 million.

Friday, November 2, 2012

Wonderful New World vs. Brave New World

Data Privacy Commissioners Discuss Ubiquitous Tracking (Forbes)
The big question for those gathered here is finding the right mix between government regulations, industry’s best practices and consumer education. In a speech at the conference, Microsoft general counsel and executive vice president Brad Smith agreed that some regulations are necessary to create a level playing field and a clear set of rules for big and small companies to follow while regulators like Portugal’s Clara Guerra acknowledged that big government can’t solve all the risks associated with big data. It’s a shared responsibility and it requires consumer awareness starting with privacy education programs aimed at children as well as adults.
Author Larry Magid strikes an important balance between the wonderful things made possible by technological innovation, the downsides of unaccountable misuse, and the need to help people stay aware of the implications of changing technology on their lives.

I hope his temperament is contagious.

Ghana testing biometric voter verification hardware

Biometric voter registration without verification leaves certain electoral risks (ballot stuffing, ballot destruction) unmitigated.

It looks like Ghana is aware of those risks and has seen fit to implement a biometric voting system that covers both ends of the electoral process.

EC to test biometric verification devices Nov. 3 and 4 (Modern Ghana)
Before ballot papers are issued to voters, their identities will first be verified "biometrically". Thumbprints of voters will be captured by the verification devices and cross-checked against prints collected during the biometric registration exercise.

This is to establish whether a voter has indeed been captured on the voters' register. Apart from the introduction of the verification device, the EC says it will also make use of the name reference list which indicates specific locations of voters on the register eliminating the task of flipping through the entire register to find a voter.
A post covering some of the nuts and bolts of why registration without verification could be inadequate is here. The issues are discussed within the Ghanaian context but they apply far more broadly.

Thursday, November 1, 2012

Bypassing an Iris Scanner? There's Got To Be a Better Way.

In honor of today's twitter biometric chat on iris biometrics, here's a post from July 30 containing thoughts on the implications of a recent iris biometrics hack...


A couple of weeks ago, when the news broke that someone had claimed to have "hacked" iris biometrics by reverse engineering a template into an image of an iris that would be accepted by an iris recognition system, I said: It's not a real biometric modality until someone hacks it.

That's because a hacking claim can generate a lot of media publicity even if it doesn't constitute proof that a technology is fatally flawed. Where's the publicity value of hacking something that nobody uses, anyway? Claims like this can also be taken as a sign that a new technology, iris biometrics in this case, has crossed some sort of adoption and awareness threshold.

So what about the hack? Now that more information is available and assuming that Wired has things about right, "experiment" is a far better descriptor than "hack" for what actually went down. "Hack" would seem to indicate that a system can be manipulated into behaving unexpectedly and with exploitable consequences in its real world conditions. Think of picking a lock. A doorknob with a key hole can be manipulated by tools that aren't the proper key to open a locked door in its normal operating environment.

The method that the researchers relied upon to develop the fake iris from the real template bears no resemblance to the lock-picking example. What  the researchers did is known as hill-climbing. In simple terms, it's like playing the children's game Cold-Warm-Hot but the feedback is more detailed. A hill-climbing experiment relies upon the system being experimented on giving detailed information back to the experimenter about how well the experimenter is doing. The experimenter presents a sample and the system gives a score (cold, warm, hot). The experimenter refines the sample and hopes the score will improve. Lather, rinse, repeat. A few hundred iterations later, the light turns green.

Technically, you don't even need to have a sample (template) to start hill climbing. You could just start feeding the system random characters until you hit upon a combination that fit the template's template(?).

This is one of those exercises that is academically interesting but doesn't provide much useful information to system engineers or organization managers. Scientific experiments deal with their subjects by isolating and manipulating one variable at a time. Real world security systems are deployed with careful consideration of the value of what is being protected and a dependence upon all sorts of environmental factors.

A person who wanted to bypass an iris scanner using this method in the real world would:

1. Hack into a biometric database to steal a template of an authorized user; pray templates aren't encrypted
2. Determine which biometric algorithm (which company's technology) generated the template
3. Buy (or steal) that company's software development kit
4. Build and successfully run the hill-climbing routine
5. Print the resulting image using a high quality printer
6. Go to the sensor
7. Place print-out in front of iris scanner
8. Cross fingers

Simple, right? Compared to what?

Once you're talking about hacking into unencrypted biometric template databases (and depending upon your CRUD privileges) almost anything is possible and little of it requires Xeroxing yourself a pair of contact lenses.

Why not just blow away the whole database of iris templates? Problem solved. The scanners, now just locks with no key, would have to be disabled at least temporarily.

If stealth is more your style, just hack into the database, create a credential for yourself by placing your very own iris template in there and dispense with the whole rigmarole of the hill-climbing business. Delete your template (and why not all the others) after the heist.

If your hacking skillz aren't up to the task, you could stalk someone who is already enrolled with a Nikon D4 and a wildlife photography lens and skip steps one thru four (and eight) on the above list.

You could trick, threaten or bribe someone into letting you in.

Break the door or a window.

The elaborateness of the process undertaken by the researchers pretty much proves that the iris sensor isn't going to be the weak link in any real world security deployment.

Iris ≠ Retina

In honor of today's twitter biometric chat on iris biometrics, here's a brief post from March 22 explaining the difference between the eye's iris and retina...


Unlike yesterday's treatment in Voice Recognition ≠ Speech Recognition, the terms, "iris" and "retina" are in no way up for grabs.

The iris (left), which gives people "eye color," controls how much light enters the eyeball. The retina (right) is the structure laying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Both iris and retina are used as biometric modalities in identity management applications.

Iris biometrics match the iris's unique surface features (similar to fingerprints). Retina biometrics use eye's vascular network for matching.

Retinas have been in use as a biometric identifiers for far longer than iris (1984 vs 1995), but using the iris is far more common today. This is because using the iris makes for cheaper and easier identifications.

For more on the subject, I recommend this. It was written in 2006. Both technologies will have improved since then, but iris technologies have improved faster.

Today's Biometric Chat transcript available

It was a great conversation with lots of participants. Many thanks to John at M2SYS and Jeff of EyeLock for taking the time to put it all together.

Twitter Biometric Chat transcript on Iris biometrics is up at Storify